#14682 closed enhancement (fixed)
Generate security patch for Screen (CVE-2021-26937)
| Reported by: | Douglas R. Reno | Owned by: | Douglas R. Reno |
|---|---|---|---|
| Priority: | high | Milestone: | 10.1 |
| Component: | BOOK | Version: | SVN |
| Severity: | normal | Keywords: | |
| Cc: |
Description
Generate a security patch for CVE-2021-26937, similar to xterm.
The patch can be found here:
https://sources.debian.org/src/screen/4.8.0-5/debian/patches/99_CVE-2021-26937.patch/
With a minor supplement here to prevent a regression:
https://lists.gnu.org/archive/html/screen-devel/2021-02/msg00012.html
Relevant oss-security postings:
https://www.openwall.com/lists/oss-security/2021/02/09/7
and
https://www.openwall.com/lists/oss-security/2021/02/09/9
and
Change History (4)
comment:1 by , 3 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:2 by , 3 years ago
comment:4 by , 3 years ago
| Priority: | elevated → high |
|---|
Now capable of shell injection. Marked as High per 9.8 CRITICAL rating by NVD
Note:
See TracTickets
for help on using tickets.
Patch is in the patches repository (r4264).