diff -u eterm-0.9.2/debian/changelog eterm-0.9.2/debian/changelog
--- eterm-0.9.2/debian/changelog
+++ eterm-0.9.2/debian/changelog
@@ -1,3 +1,18 @@
+eterm (0.9.2-8.3ubuntu2.1) dapper-security; urgency=high
+
+ * SECURITY UPDATE:
+ + debian/patches/CVE-2008-1692 (LP: #216604)
+ - Fix opening the terminal on display :0 if no DISPLAY
+ environment variable is specified to prevent local
+ attackers from hijacking X11 connections in certain
+ environments.
+
+ * References
+ + http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1692
+ + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=473127
+
+ -- Emanuele Gentili Thu, 19 Jun 2008 03:05:23 +0200
+
 eterm (0.9.2-8.3build2) dapper; urgency=low

 * Trigger rebuild against updated libast2-dev
diff -u eterm-0.9.2/debian/control eterm-0.9.2/debian/control
--- eterm-0.9.2/debian/control
+++ eterm-0.9.2/debian/control
@@ -1,7 +1,8 @@
 Source: eterm
 Section: x11
 Priority: optional
-Maintainer: Laurence J. Lane
+Maintainer: Ubuntu MOTU Team
+XSBC-Original-Maintainer: Laurence J. Lane
 Standards-Version: 3.6.2
 Build-Depends: libxmu-dev,libsm-dev, libice-dev, libxext-dev, libx11-dev, libxt-dev, libimlib2-dev, libast2-dev (>= 0.6-0pre2003010606), libpcre3-dev, cdbs, debhelper (>> 4.1.0)
only in patch2:
unchanged:
--- eterm-0.9.2.orig/debian/patches/CVE-2008-1692.diff
+++ eterm-0.9.2/debian/patches/CVE-2008-1692.diff
@@ -0,0 +1,13 @@
+diff -Nur -x '*.orig' -x '*~' eterm-0.9.2/src/startup.c eterm-0.9.2.new/src/startup.c
+--- eterm-0.9.2/src/startup.c 2008-06-19 02:59:52.000000000 +0200
++++ eterm-0.9.2.new/src/startup.c 2008-06-19 03:04:30.000000000 +0200
+@@ -95,7 +95,8 @@
+
+ /* Open display, get options/resources and create the window */
+ if (getenv("DISPLAY") == NULL) {
+- display_name = STRDUP(":0");
++ libast_print_error("can't open display, DISPLAY not set?!\n");
++ exit(EXIT_FAILURE);
+ } else {
+ display_name = STRDUP(getenv("DISPLAY"));
+ }
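Review bot: The new guard in the startup.c hunk tests only `getenv("DISPLAY") == NULL`, so a DISPLAY that is set but empty still reaches `STRDUP(getenv("DISPLAY"))` and is passed on to whatever opens the connection later; how an empty name is resolved there is not visible in this hunk. Reading the variable once and rejecting both cases keeps the fail-closed behaviour explicit: `const char *d = getenv("DISPLAY");`, then `if (d == NULL || *d == '\0') { libast_print_error(...); exit(EXIT_FAILURE); }`, then `display_name = STRDUP(d);`. Because the check exits before the rest of the function runs, a display given on the command line (if startup.c parses such an option further down, which the hunk does not show) would no longer be honoured when DISPLAY is unset, so that ordering is worth confirming. The enclosing function starts and ends outside the hunk.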