Package: mosh Version: 1.2-1 Severity: important Tags: security I submitted details upstream at
https://github.com/keithw/mosh/issues/271 but here's also a copy: > The commands > > echo -en "\e[2147483647L" > echo -en "\e[2147483647M" > echo -en "\e[2147483647@" > echo -en "\e[2147483647P" > > all cause mosh-server to enter very long for-loops in terminalfunctions.cc. Upstream has released a fix, please consider including it in the debian package. Security team, this also affects gnome-terminal and probably all other terminal emulators that use libvte. Its upstream is also working a fix but they made their bug report restricted for now: https://bugzilla.gnome.org/show_bug.cgi?id=676090 -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/6 CPU cores) Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages mosh depends on: ii libc6 2.13-32 ii libgcc1 1:4.7.0-8 ii libio-pty-perl 1:1.08-1+b2 ii libprotobuf7 2.4.1-1 ii libstdc++6 4.7.0-8 ii libtinfo5 5.9-7 ii libutempter0 1.1.5-4 ii openssh-client 1:5.9p1-5 ii zlib1g 1:1.2.7.dfsg-1 mosh recommends no packages. mosh suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
