#14639 closed enhancement (fixed)
xterm-366
| Reported by: | Douglas R. Reno | Owned by: | Douglas R. Reno |
|---|---|---|---|
| Priority: | high | Milestone: | 10.1 |
| Component: | BOOK | Version: | SVN |
| Severity: | normal | Keywords: | |
| Cc: |
Description
New minor version
Change History (4)
comment:1 by , 5 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:2 by , 5 years ago
| Priority: | normal → high |
|---|

Patch #366 - 2021/02/10

- correct a compiler-warning fix in patch #352 which allowed sign-extension of coordinate values (report by "CismonX").
- correct upper-limit for selection buffer, accounting for combining characters (report/testcase by Tavis Ormandy).
- with alwaysHighlight true, xterm does not properly track focus. The screen->select FOCUS flag remains always on, which prevents bellIsUrgent from working, as the urgent WM_HINT flag is only set in setXUrgency() when the window is not focused. Fix this by updating screen->select in unselectwindow() regardless of the value of always_highlight (patch by Jiri Bohac).
- improve fix for interaction between SRM and ENQ (report by Grant Taylor).
- build-fix for --with-Xaw3dxft, needed when --with-toolbar is omitted (report by Jimmy Olgeni, Emanuel Haupt).

This seems to also contain a fix for CVE-2021-26937
https://www.openwall.com/lists/oss-security/2021/02/09/7
and
https://www.openwall.com/lists/oss-security/2021/02/09/9
and
https://www.openwall.com/lists/oss-security/2021/02/11/1
Note that GNU Screen is impacted as well, and it was the original package that was used to discover this bug. Screen is still vulnerable, and the maintainer seems to be working on a patch with the researchers that discovered it.
https://lists.gnu.org/archive/html/screen-devel/2021-02/msg00000.html