Your message dated Wed, 15 Jun 2011 21:18:27 +0000 with message-id <e1qwxtn-0002ll...@franck.debian.org> and subject line Bug#629688: fixed in vte 1:0.28.1-1 has caused the Debian Bug report #629688, regarding libvte9: malicious escape sequence causes gnome-terminal to crash (memory consumption DoS) to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 629688: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629688 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: libvte9 Version: 1:0.24.3-2 Severity: important When passing a huge value to the "insert-blank-characters" capability (defined in caps.c), gnome-terminal crashes (and maybe other terminals that depend on libvte9). $ cat -n vte-0.24.3/src/caps.c: [...] 418 {CSI "%d@", "insert-blank-characters", 0}, To reproduce the crash: $ printf "\033[100000000000000000@" > /tmp/x $ cat /tmp/x A sub-function calls the "brk()" syscall until process memory is entirely consumed: $ strace -e brk -f gnome-terminal --disable-factory -x cat /tmp/x Maybe this parameter value should be checked? I wrote a small patch that checks this value inside the vte_sequence_handler_multiple() function in the vte-0.24.3/src/vteseq.c file. Let me know if you're interested. Tested on Debian Release 6.0.1, kernel 2.6.32-5-amd64, gnome-terminal 2.30.2-1.
--- End Message ---
--- Begin Message ---Source: vte Source-Version: 1:0.28.1-1 We believe that the bug you reported is fixed in the latest version of vte, which is due to be installed in the Debian FTP archive: gir1.2-vte-2.90_0.28.1-1_amd64.deb to main/v/vte/gir1.2-vte-2.90_0.28.1-1_amd64.deb libvte-2.90-9_0.28.1-1_amd64.deb to main/v/vte/libvte-2.90-9_0.28.1-1_amd64.deb libvte-2.90-dev_0.28.1-1_amd64.deb to main/v/vte/libvte-2.90-dev_0.28.1-1_amd64.deb libvte-common_0.28.1-1_all.deb to main/v/vte/libvte-common_0.28.1-1_all.deb libvte-dev_0.28.1-1_amd64.deb to main/v/vte/libvte-dev_0.28.1-1_amd64.deb libvte-doc_0.28.1-1_all.deb to main/v/vte/libvte-doc_0.28.1-1_all.deb libvte9-udeb_0.28.1-1_amd64.udeb to main/v/vte/libvte9-udeb_0.28.1-1_amd64.udeb libvte9_0.28.1-1_amd64.deb to main/v/vte/libvte9_0.28.1-1_amd64.deb python-vte_0.28.1-1_amd64.deb to main/v/vte/python-vte_0.28.1-1_amd64.deb vte_0.28.1-1.debian.tar.gz to main/v/vte/vte_0.28.1-1.debian.tar.gz vte_0.28.1-1.dsc to main/v/vte/vte_0.28.1-1.dsc vte_0.28.1.orig.tar.bz2 to main/v/vte/vte_0.28.1.orig.tar.bz2 A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 629...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Josselin Mouette <j...@debian.org> (supplier of updated vte package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Wed, 15 Jun 2011 21:47:56 +0200 Source: vte Binary: libvte9 libvte9-udeb libvte-dev libvte-2.90-9 gir1.2-vte-2.90 libvte-2.90-dev libvte-common python-vte libvte-doc Architecture: source all amd64 Version: 1:0.28.1-1 Distribution: unstable Urgency: low Maintainer: Guilherme de S. Pastore <gpast...@debian.org> Changed-By: Josselin Mouette <j...@debian.org> Description: gir1.2-vte-2.90 - GObject introspection data for the VTE library libvte-2.90-9 - Terminal emulator widget for GTK+ 3.0 - runtime files libvte-2.90-dev - Terminal emulator widget for GTK+ 3.0 - development files libvte-common - Terminal emulator widget for GTK+ - common files libvte-dev - Terminal emulator widget for GTK+ 2.0 - development files libvte-doc - Terminal emulator widget for GTK+ - documentation libvte9 - Terminal emulator widget for GTK+ 2.0 - runtime files libvte9-udeb - Terminal emulator widget for GTK+ 2.0 - minimal runtime (udeb) python-vte - Python bindings for the VTE widget set Closes: 629688 Changes: vte (1:0.28.1-1) unstable; urgency=low . * Tighten dependencies on libvte-common. * New upstream release. + CVE-2011-2198: fix memory exhaustion by using special character sequences. Closes: #629688. * Drop check-dist include. Checksums-Sha1: d0f43b8e709e48cafea398d797a102aa2fbf661b 1866 vte_0.28.1-1.dsc 9867f84c6be65ff485d8a1a3c41a359709b6f84c 1341147 vte_0.28.1.orig.tar.bz2 c1dd529d3b5acfc59e3609c73019ed0625824f5c 18646 vte_0.28.1-1.debian.tar.gz 0282adf7a8e5cc53f7da813f6a7bf15921ef9fbb 443384 libvte-common_0.28.1-1_all.deb 17cc1d5913cbad8f2f99d66b6da605ea5a5a180c 518296 libvte-doc_0.28.1-1_all.deb 41c8335e5c2b87c74513ac46e5d3b7bb1c8d1d65 724234 libvte9_0.28.1-1_amd64.deb 00e4c951c830c58176e19c0f4cf9dddf1b99a91a 329524 libvte9-udeb_0.28.1-1_amd64.udeb 2d67e291301353d1dbd05bc5001c8dd1f175c290 758838 libvte-dev_0.28.1-1_amd64.deb 838a73b4291485502837ad5bf350dca43c6a0834 725936 libvte-2.90-9_0.28.1-1_amd64.deb c1891aad4d437a31d1b7e5a8ca28fbe04c4fb6ca 380074 gir1.2-vte-2.90_0.28.1-1_amd64.deb 90d3dbf6fe3117adbde12ab1ac5055d65c3f0ea3 773872 libvte-2.90-dev_0.28.1-1_amd64.deb c598562bc8913a4352046fa622026d430f4dbb5b 412084 python-vte_0.28.1-1_amd64.deb Checksums-Sha256: b2febd9b4f502833bc0a1f95a199c05cd106eb7c0e96a3afec20d54b84d6d0da 1866 vte_0.28.1-1.dsc 0fa6e4872b38fca07d62f5b7d141312a195ba5399a87211b651e721086d8a63a 1341147 vte_0.28.1.orig.tar.bz2 9c4e2d77bb12c8d237eb6f87b60b275ffb386a81ad05886c11371b11da97b9a0 18646 vte_0.28.1-1.debian.tar.gz 4a8145e948818157d3324f3a5c0638aa8737a936781f607f74b38fda82bbe0ce 443384 libvte-common_0.28.1-1_all.deb ee8e6ea32fd2dbfacb277b6ac01aa96c1371ee9d6c6ba1a985455f526a342465 518296 libvte-doc_0.28.1-1_all.deb 5102bd9116e2b31be67187b82cd6a26269cace155dbe635515e7f5a61b391292 724234 libvte9_0.28.1-1_amd64.deb f0fa5d324a9b46df8c748803cc81e1a2720d911365f74358055ed6b393e3809a 329524 libvte9-udeb_0.28.1-1_amd64.udeb 8f381e2d93a69a878af884a233114788d754d9e1777ac065532366a9d335b3de 758838 libvte-dev_0.28.1-1_amd64.deb ee9bdad756d6c55d6d74b2f9550f4ee037f9753c4a7d1f9c5d94837ddd391baa 725936 libvte-2.90-9_0.28.1-1_amd64.deb d3f13d23876af7ec957b7b84b9173bff09adeba2494784044cc9a5844ff8786e 380074 gir1.2-vte-2.90_0.28.1-1_amd64.deb 60bc977257fb655f05b21d2f00b7240241287502b5f468507b105a1f912972b8 773872 libvte-2.90-dev_0.28.1-1_amd64.deb 1686ba3fc510c47e7613a05e482597160855a4a28df16de3319575e3ca57f77c 412084 python-vte_0.28.1-1_amd64.deb Files: 0f40f12f92be37330bafb0f79b27a8f2 1866 libs optional vte_0.28.1-1.dsc 771ff368d4e5ac8e91be4f525b676292 1341147 libs optional vte_0.28.1.orig.tar.bz2 27978b5da4fdec3f1d43c3ca01bfcd31 18646 libs optional vte_0.28.1-1.debian.tar.gz 83dcd854d112245907a5e67e16d254cb 443384 libs optional libvte-common_0.28.1-1_all.deb 822d2c50c609541666d46747a84286e6 518296 doc optional libvte-doc_0.28.1-1_all.deb 380ab68453a3f53846ab45bd80935d3a 724234 libs optional libvte9_0.28.1-1_amd64.deb f5c4b4b3b6ece315ce134177244ed6bc 329524 debian-installer extra libvte9-udeb_0.28.1-1_amd64.udeb 10016f36e96eae997bf30f9a377686cc 758838 libdevel optional libvte-dev_0.28.1-1_amd64.deb 65c8ef176c858467af1efc5021c738f2 725936 libs optional libvte-2.90-9_0.28.1-1_amd64.deb 652e88b138beb116a95e58767f953639 380074 libs optional gir1.2-vte-2.90_0.28.1-1_amd64.deb a9072d7ed3e0ecb492ef460424b5f360 773872 libdevel optional libvte-2.90-dev_0.28.1-1_amd64.deb c76e4c6ba501be52415d018e34aa2b0b 412084 python optional python-vte_0.28.1-1_amd64.deb Package-Type: udeb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iD8DBQFN+R2UrSla4ddfhTMRAtrPAKCjL0Zja5ShiiZtVs1Cr98fwnHgPACgoWUY NuXIZg5s4ktYAbqtpMdFx9k= =EiFh -----END PGP SIGNATURE-----
--- End Message ---
