Opened 6 months ago
Closed 5 months ago
Last modified 5 months ago
New minor version
Patch #366 - 2021/02/10
correct a compiler-warning fix in patch #352 which allowed sign-extension of coordinate values (report by "CismonX").
correct upper-limit for selection buffer, accounting for combining characters (report/testcase by Tavis Ormandy).
with alwaysHighlight true, xterm does not properly track focus. The screen->select FOCUS flag remains always on, which prevents bellIsUrgent from working, as the urgent WM_HINT flag is only set in setXUrgency() when the window is not focused. Fix this by updating screen->select in unselectwindow() regardless of the value of always_highlight (patch by Jiri Bohac).
improve fix for interaction between SRM and ENQ (report by Grant Taylor).
build-fix for --with-Xaw3dxft, needed when --with-toolbar is omitted (report by Jimmy Olgeni, Emanuel Haupt).
This seems to also contain a fix for CVE-2021-26937.
Note that GNU Screen is impacted as well, and it was the original package that was used to discover this bug. Screen is still vulnerable, and the maintainer seems to be working on a patch with the researchers that discovered it.
Fixed at r24213.
I'll do security advisories once I'm done with my other updates.
© 1998-2021 Gerard Beekmans.