Opened 3 years ago

Closed 3 years ago

Last modified 3 years ago

#14639 closed enhancement (fixed)


Reported by: Douglas R. Reno Owned by: Douglas R. Reno
Priority: high Milestone: 10.1
Component: BOOK Version: SVN
Severity: normal Keywords:


New minor version

Change History (4)

comment:1 by Douglas R. Reno, 3 years ago

Owner: changed from blfs-book to Douglas R. Reno
Status: newassigned

comment:2 by Douglas R. Reno, 3 years ago

Priority: normalhigh
Patch #366 - 2021/02/10

    correct a compiler-warning fix in patch #352 which allowed sign-extension of coordinate values (report by "CismonX").
    correct upper-limit for selection buffer, accounting for combining characters (report/testcase by Tavis Ormandy).
    with alwaysHighlight true, xterm does not properly track focus. The screen->select FOCUS flag remains always on, which prevents bellIsUrgent from working, as the urgent WM_HINT flag is only set in setXUrgency() when the window is not focused. Fix this by updating screen->select in unselectwindow() regardless of the value of always_highlight (patch by Jiri Bohac).
    improve fix for interaction between SRM and ENQ (report by Grant Taylor).
    build-fix for --with-Xaw3dxft, needed when --with-toolbar is omitted (report by Jimmy Olgeni, Emanuel Haupt).

This seems to also contain a fix for CVE-2021-26937



Note that GNU Screen is impacted as well, and it was the original package that was used to discover this bug. Screen is still vulnerable, and the maintainer seems to be working on a patch with the researchers that discovered it.

comment:3 by Douglas R. Reno, 3 years ago

Resolution: fixed
Status: assignedclosed

Fixed at r24213

comment:4 by Douglas R. Reno, 3 years ago

I'll do security advisories once I'm done with my other updates.

Note: See TracTickets for help on using tickets.