Opened 18 months ago

Closed 18 months ago

Last modified 18 months ago

#14639 closed enhancement (fixed)


Reported by: Douglas R. Reno Owned by: Douglas R. Reno
Priority: high Milestone: 10.1
Component: BOOK Version: SVN
Severity: normal Keywords:


New minor version

Change History (4)

comment:1 by Douglas R. Reno, 18 months ago

Owner: changed from blfs-book to Douglas R. Reno
Status: newassigned

comment:2 by Douglas R. Reno, 18 months ago

Priority: normalhigh
Patch #366 - 2021/02/10

    correct a compiler-warning fix in patch #352 which allowed sign-extension of coordinate values (report by "CismonX").
    correct upper-limit for selection buffer, accounting for combining characters (report/testcase by Tavis Ormandy).
    with alwaysHighlight true, xterm does not properly track focus. The screen->select FOCUS flag remains always on, which prevents bellIsUrgent from working, as the urgent WM_HINT flag is only set in setXUrgency() when the window is not focused. Fix this by updating screen->select in unselectwindow() regardless of the value of always_highlight (patch by Jiri Bohac).
    improve fix for interaction between SRM and ENQ (report by Grant Taylor).
    build-fix for --with-Xaw3dxft, needed when --with-toolbar is omitted (report by Jimmy Olgeni, Emanuel Haupt).

This seems to also contain a fix for CVE-2021-26937



Note that GNU Screen is impacted as well, and it was the original package that was used to discover this bug. Screen is still vulnerable, and the maintainer seems to be working on a patch with the researchers that discovered it.

comment:3 by Douglas R. Reno, 18 months ago

Resolution: fixed
Status: assignedclosed

Fixed at r24213

comment:4 by Douglas R. Reno, 18 months ago

I'll do security advisories once I'm done with my other updates.

Note: See TracTickets for help on using tickets.