Bug#746593: marked as done (rxvt-unicode: CVE-2014-3121: user-assisted arbitrary commands execution)

[Debian Bug Tracking System]

Your message dated Tue, 27 May 2014 22:47:09 +0000
with message-id <e1wpq9f-0000vj...@franck.debian.org>
and subject line Bug#746593: fixed in rxvt-unicode 9.15-2+deb7u1
has caused the Debian Bug report #746593,
regarding rxvt-unicode: CVE-2014-3121: user-assisted arbitrary commands 
execution
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
746593: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746593
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Source: rxvt-unicode
Severity: grave
Tags: security upstream fixed-upstream
Justification: user security hole

Hi,

the following vulnerability was published for rxvt-unicode.

CVE-2014-3121[0]:
user-assisted arbitrary commands execution

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3121
    https://security-tracker.debian.org/tracker/CVE-2014-3121

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---

--- Begin Message ---

Source: rxvt-unicode
Source-Version: 9.15-2+deb7u1

We believe that the bug you reported is fixed in the latest version of
rxvt-unicode, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 746...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ryan Kavanagh <r...@debian.org> (supplier of updated rxvt-unicode package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 07 May 2014 09:32:02 -0400
Source: rxvt-unicode
Binary: rxvt-unicode rxvt-unicode-ml rxvt-unicode-256color rxvt-unicode-lite
Architecture: source amd64
Version: 9.15-2+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Debian rxvt-unicode Maintainers 
<pkg-urxvt-maintain...@lists.alioth.debian.org>
Changed-By: Ryan Kavanagh <r...@debian.org>
Description: 
 rxvt-unicode - RXVT-like terminal emulator with Unicode support
 rxvt-unicode-256color - multi-lingual terminal emulator with Unicode support 
for X11
 rxvt-unicode-lite - RXVT-like terminal emulator with basic Unicode support
 rxvt-unicode-ml - multi-lingual terminal emulator -- transitional package
Closes: 746593
Changes: 
 rxvt-unicode (9.15-2+deb7u1) wheezy-security; urgency=high
 .
   * Fix user-assisted security vulnerability, 13_CVE-2014-3121.diff:
     This fixes a user-assisted arbitrary commands execution vulnerability that
     could be exploited using certain escape sequences in a crafted text file
     or program output (CVE-2014-3121) (Closes: #746593)
Checksums-Sha1: 
 e8f3128afa537dfcb3df46c1e587a86ecc8ff212 3439 rxvt-unicode_9.15-2+deb7u1.dsc
 e6fdf091860ecb458730dc68b0176f67f207a2f7 894764 rxvt-unicode_9.15.orig.tar.bz2
 d810cb15206a176f0910164ae92e129b9d599d1f 31577 
rxvt-unicode_9.15-2+deb7u1.debian.tar.gz
 580483cd39a3e1b09efef7e1eb97921cfe494dd5 1316844 
rxvt-unicode_9.15-2+deb7u1_amd64.deb
 de2cc3a2e182b1e3cbe52e0ebcccb5135db872b2 45654 
rxvt-unicode-ml_9.15-2+deb7u1_amd64.deb
 a6bb7983be63ff9a1ed4a9dbf3b9f735b2b42105 1319202 
rxvt-unicode-256color_9.15-2+deb7u1_amd64.deb
 f53106be4aca77f03854560d72dc6544b93b31aa 1081544 
rxvt-unicode-lite_9.15-2+deb7u1_amd64.deb
Checksums-Sha256: 
 6217ab1032e90d80ff7d1007b882a02211fcd1e5e4a79cf616be4b39dc8ac53a 3439 
rxvt-unicode_9.15-2+deb7u1.dsc
 ec1aa2932da844979ed8140bd92223defb12042aa5e877e05ac31139ca81f2b1 894764 
rxvt-unicode_9.15.orig.tar.bz2
 e4c49d6e09c34adc1c860d3fedb8cd3456722551701f3de8799df77026306312 31577 
rxvt-unicode_9.15-2+deb7u1.debian.tar.gz
 1838857a90adecf2dbd43dcdd99f0f25fca8d548bc0b23a7199e259292163003 1316844 
rxvt-unicode_9.15-2+deb7u1_amd64.deb
 c6e475a17a72a5a217e1e2cd699e487421815678094ddbd309ea22dd30d1a236 45654 
rxvt-unicode-ml_9.15-2+deb7u1_amd64.deb
 4a8566c606cb9c26e51f12ee3e8eca4737c82fcdedcbcdf704ce1105520a0936 1319202 
rxvt-unicode-256color_9.15-2+deb7u1_amd64.deb
 e66f64604b31d87f977e6b5b9c41de8d4ac949f81504e8f5cf83cc62c9c1d06d 1081544 
rxvt-unicode-lite_9.15-2+deb7u1_amd64.deb
Files: 
 28569c80f7bcfd7f6cb5b620bf0d5434 3439 x11 optional 
rxvt-unicode_9.15-2+deb7u1.dsc
 15595aa326167ac5eb68c28d95432faf 894764 x11 optional 
rxvt-unicode_9.15.orig.tar.bz2
 855c2c3535692472b565f3e06c20645c 31577 x11 optional 
rxvt-unicode_9.15-2+deb7u1.debian.tar.gz
 5779de873faa2bb6b12d0402bf732104 1316844 x11 optional 
rxvt-unicode_9.15-2+deb7u1_amd64.deb
 380f890890d19b2b5367ddd2f65eeb1e 45654 oldlibs extra 
rxvt-unicode-ml_9.15-2+deb7u1_amd64.deb
 9f04b94667dba19e994976ed19d55d3e 1319202 x11 optional 
rxvt-unicode-256color_9.15-2+deb7u1_amd64.deb
 df52b0fcdc04dddb22192cfe0ccaa9ee 1081544 x11 optional 
rxvt-unicode-lite_9.15-2+deb7u1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iQUcBAEBCgAGBQJTaj2wAAoJEI97+PxKEcl6N20n/0MCtNwKuU0pQpt4tgMP04b3
BeRVUKKw/IE9j+mdPbpzaSv5qvL5E9uNWRlMkkzE3tLjqpa+5/R7yawPyDuZ8qpd
x08MLNsY/bQOSjiZc2bju2J3/Yb6k8hBr1QzJx/bVLM2vUIXkz2AOh1ffFHkxJ2n
iWWp5X/ui/kWbI/vUDFNi9eh48WHbIo4t0aqsb2r50gzYDU14zyfa1E/LMH4oBHH
IPBE5xH82dzv9I9bsP5eFiMyoTiQo1FjUx56j11leTL4GXvoi3TL/OiTdjLVWQbh
dgXBKhXT2nq3P93JPnUlsUUiTBATCCSySyTT0SHTW1GK83rVLJDEY/sMos73fYZ4
VdllXSyC9RMgxBQfjXXjSrnP9X5+WaPSyBInDlIo4GDpk+UI2PC0/Uz3PDgxyF3I
JBXBKuUO2ZXaHif4fv0VmAPCagCP9wtOmTLaPpTvmS7Q1XTDseuSw1bLt6b+3APu
7iprydgt0aoV1boeWhPFilDNxvzLQY/LBU9exDMChxylciSD+SXcsrMtss5mSYjG
QswJq3k5ARyo7M8mTbSB9Wi+916GwOadNxRHVV6HUCSRiO4D3DunlOazl/0ouFTP
ajw0V+RAkwtEmx1GKCKDcGN2HsuZ1B7GgWRMqvrBrlFxWLqQowqY+i3DZfEQeUqN
PXo4+SgM7X+rvVxWAAgp3saXS5r/Csqz76540t+WVs6uYkCaxu6oxa+CZW6+BpJ7
s4fbCgjYgZxMkG/yCOipUCLWTnCm1zKyw5tSvUOVGheFbbxjAaDymXCX9lnRKeJB
WbAvzZGEpzJjZYPPdaqmprELv/p+8NnslfJ1D/r7B/UKwwODMAjImg3YKX+eKDi4
g2RYdz0YmNih5yBQEHS5FG+mKDr2TUBpeLIT6gj1zBeM34qfEouCXlemqBv2hz/z
Adwke9rLKRHmTsGHSlSz5GOAFgCKrG3K3kho47Zhp6iOpJnXSvcVeyOdFza8pY7u
Nps8iYcn/Fr9bIDXmjxhSVqlyj/3R8zpmKiWxGaHF+b2KqrnOQnC1nGpL7HVdItZ
ucNWKpz71+W8Hah7dLeDI/JALnfgJ0Uk1JBPJ7xGV3JyOT43P0Xd6l8r0rtfGAq6
G3ZS82IBSCKLvrCKqYuXncdy8aM33CYl3sQ0nSH6jB/oTiLrq06l5qlcS1mn3iBX
eV8vwehXTbDzr+b/G7Ye2KMegrhwKn5N0k/2Xr6mEYZusNpjWMrLP8N3tK/s2+FR
wGTUDEz5WNyKkmGajrdUBxv7Qq0xZZO7jGECcCoaF1C8RQZhQLqWQlpDdZMywovS
kLtnDkyWYXk5l+tSzRyoU8o19cuYtgv0BhtY+RXpek7q/cR2DT0relrgG3UUM0wz
SC+332iOVdkNSEhfhzZuHIktmeWyEL6sXG6OlOoNrTIcqKPBeV99VQu4+8d7zjA7
OZ5uFzeBNenJ0ke4dlWIOUK8vlBZcEGbR3jmUo/HvaxCTJzXjE9o327SkkXfwKGW
d8Ix76/zAEmd/OEQIaXrVlAs+7L8DTaJKrHH/U7z49/LAJwxePnOYUkg+Ptm5gjy
bZzWicBBGUYISC0xZvaPYyyOxmca8eG2tvZhFaVVFxq0Ogl6AFp3SFex8zmDnow5
XAEFUmS1NE/brGUqVFg3dmG6kSLM9CKWHWZHVxhhJ5MzxV5AwMc1wlcpjsoFo8Rm
zWezwEEtZSZ8b+wVmcSa
=fGXw
-----END PGP SIGNATURE-----

--- End Message ---