Bug#746593: marked as done (rxvt-unicode: CVE-2014-3121: user-assisted arbitrary commands execution)

[Debian Bug Tracking System]

Your message dated Wed, 04 Jun 2014 12:42:39 +0000
with message-id <e1wsawd-00075h...@franck.debian.org>
and subject line Bug#746593: fixed in rxvt-unicode 9.07-2+deb6u1
has caused the Debian Bug report #746593,
regarding rxvt-unicode: CVE-2014-3121: user-assisted arbitrary commands 
execution
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
746593: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746593
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Source: rxvt-unicode
Severity: grave
Tags: security upstream fixed-upstream
Justification: user security hole

Hi,

the following vulnerability was published for rxvt-unicode.

CVE-2014-3121[0]:
user-assisted arbitrary commands execution

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3121
    https://security-tracker.debian.org/tracker/CVE-2014-3121

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---

--- Begin Message ---

Source: rxvt-unicode
Source-Version: 9.07-2+deb6u1

We believe that the bug you reported is fixed in the latest version of
rxvt-unicode, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 746...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ryan Kavanagh <r...@debian.org> (supplier of updated rxvt-unicode package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 07 May 2014 09:29:17 -0400
Source: rxvt-unicode
Binary: rxvt-unicode rxvt-unicode-ml rxvt-unicode-lite
Architecture: source amd64
Version: 9.07-2+deb6u1
Distribution: squeeze-security
Urgency: high
Maintainer: Decklin Foster <deck...@red-bean.com>
Changed-By: Ryan Kavanagh <r...@debian.org>
Description: 
 rxvt-unicode - RXVT-like terminal emulator with Unicode support
 rxvt-unicode-lite - RXVT-like terminal emulator with basic Unicode support
 rxvt-unicode-ml - multi-lingual terminal emulator with Unicode support for X11
Closes: 746593
Changes: 
 rxvt-unicode (9.07-2+deb6u1) squeeze-security; urgency=high
 .
   * Fix user-assisted security vulnerability:
     This fixes a user-assisted arbitrary commands execution vulnerability that
     could be exploited using certain escape sequences in a crafted text file
     or program output (CVE-2014-3121) (Closes: #746593)
Checksums-Sha1: 
 86ce463259ddc28c3ad0a5aaee81ede7bb068aa1 2893 rxvt-unicode_9.07-2+deb6u1.dsc
 802be2d3ebd384c0eb3a5723ee402ea5465dfd7e 1072378 rxvt-unicode_9.07.orig.tar.gz
 d68d0bef5c0e7ca88b8f9221fafe5611664cd9cd 24525 
rxvt-unicode_9.07-2+deb6u1.diff.gz
 a2c3c7ff5f45fc2026beb551e28911ac1332d0d4 1299206 
rxvt-unicode_9.07-2+deb6u1_amd64.deb
 681a2583c5f43b2fa1c2d092c4a8327930856292 1301184 
rxvt-unicode-ml_9.07-2+deb6u1_amd64.deb
 ab76ce5eea48e92703a1b7b660a94fa9fa8e0f4b 1068598 
rxvt-unicode-lite_9.07-2+deb6u1_amd64.deb
Checksums-Sha256: 
 b172b1b83be8aa03dabcac703e7a49e447eabd6e257af94955458a4784a769fd 2893 
rxvt-unicode_9.07-2+deb6u1.dsc
 2baf2d4689a3adf48c3966dccad88fbf4a8cecd612da6e5495f8e2eb7a3a8a28 1072378 
rxvt-unicode_9.07.orig.tar.gz
 1c20b789f0c76ccaf50bb04593019402fbe4d6b68613071698855852e72714c7 24525 
rxvt-unicode_9.07-2+deb6u1.diff.gz
 f7d39b081e85f940331c005b9d047fa13316ac9b00ead4585c870ebc3939b5d3 1299206 
rxvt-unicode_9.07-2+deb6u1_amd64.deb
 faa1c26bd02f81a2d37d8340197ed0044f6803bac757f0613f92202e63f6af72 1301184 
rxvt-unicode-ml_9.07-2+deb6u1_amd64.deb
 dff3a035512f97c04830c2e1ead8ed3ab43c3f51aa7eaf47347ec8ace9eae1a2 1068598 
rxvt-unicode-lite_9.07-2+deb6u1_amd64.deb
Files: 
 2e4907cad51d4f16fe128712d29559ea 2893 x11 optional 
rxvt-unicode_9.07-2+deb6u1.dsc
 9bfe2adecd6eef4aaf78c1fd147157db 1072378 x11 optional 
rxvt-unicode_9.07.orig.tar.gz
 e9e3993b993c19929476bcb83a5556d3 24525 x11 optional 
rxvt-unicode_9.07-2+deb6u1.diff.gz
 81ad989e2646075093dcadb784ce228b 1299206 x11 optional 
rxvt-unicode_9.07-2+deb6u1_amd64.deb
 fd9cc30646cbc3c10ac868887cecb682 1301184 x11 optional 
rxvt-unicode-ml_9.07-2+deb6u1_amd64.deb
 93bb948d37e34d07c10d2d0df92692ca 1068598 x11 optional 
rxvt-unicode-lite_9.07-2+deb6u1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iQUcBAEBCgAGBQJTaj26AAoJEI97+PxKEcl69+Qn/i0twjUWZr97ju4UZ0YtMncw
HUMR0m1HYf6kQVkPYvZEt9nfyOXihSF+8ttYHUC+ndPxA+PO9d1C6P61lQ3aTVeJ
8nV72GJFz8OWRcl0ShTBcP/8Ax6aS8eodCjrKUUx8SSQwlp7jV7yOibgeF0DizCw
RiUnCntFGPcXUI4n6VSMWL6nCW/0YKlrMf4whrHUf47yTbcX6Ub3i+oX/M8Ln+9u
dq5MbldxSzFQliZ+lpdaMAG24H8KsXNpa16GvMFYulaV/S0ZRo3sxxi3FWdsjurq
Ra26m05MPOjPa6HBdY1jpliNACLFFuRU7gvdyWBpuCenjppDZ6JFstvemzacRsSQ
hQ90cvpZN5P1rZSIO8HCfsPPfhYM9fRkhlHX3U9McuSla7ap+M9epE8kvam6S7oa
DlHEP1KWpPy6xf96cAWQvHxsq/9J8FIyGyZGKnX5BrZnlQkVdun/9K63r3xaYfPQ
ndukg8Ldq/GusmSUULpGjot1/FaGMoN7dZMhp5345hVULSQ9lJF4O3CWtA6LH2zR
2Mo/BvNu0QCKt80LTnLmre/ag8D1R9INp0NdI8qbgqkHyhAyCg8V0VFQ0EByfYEI
z6mz7+e1R47tT6jxFZ3QB0KrK88VJHXG1Cll5iqN05G5hgzwBNgnpPkjhAFwDrgr
hQVUhNSNZBgnsQAlTcXcKFwqMbNMgiz3C08Qz3iVGeU/MXZVcvpG91lT+3MlS3FS
QPkhLcMJ24Ad709heaJTNVYhd4O66xWFZ173IZNyUs9uYZMJ92Xo3qQHKiXFsCSg
HKcITN1m5t2QlSPrBhpdw2QcMPLdxBwhxgnF6cAYXogTzFE49FQcjgLAiSneg7eM
ArwBbw5W/THw/C1DCthuJTeze54b6L6/2Se7TkNJdCMr/n+kuv3sSPZ9ndzhCqY6
s9CCy9KlIjO1TcmUeLGAKBi+SO15YZVvhA4J/K22WC8l4oG3OCNFRLN/zK+s7h2Y
CVPVw70YPw9pzs7O+Z2Xm6KqTQs5GSGZmTm2cdntkWUD4EtKy4/9sEii6+zrwXq+
Fzq47tdpLf1c8yI34o8I/l5LXF5vEvunr0G5vlhyAcFtOpGJKvHG7nyBgw/OhRtj
EYXdDErcliRJBR74Z7hXoUzwxgDeeYTb/1jhA9f5AHbCxiLGnw6j1pP8b7DWRtfY
4X0iu8PXJBbUPMSUU5hGMjiJ38lQEUk6fz//h55VmwE81BQ4m3tn4nURAmW5NOO7
Tv8pa5adcmzBx9c7oO3IGW3+ar2tqDoOslcSN/ZTBCBw/I06d3Z8MIb+MIc5RQh2
TM/mCzclC4KBAhyItogBC39UHClpicweoYrGhWWj4GAPwFn9bB+L+A7OvD4gJ6B6
N3PbYO+KfTkJRK1NnyLLMfHMmFUMQ4n4jbW26/fbuXisc2FefwJrC+2FrMrRWVMT
YBAhyoWVHwVddv6DKS+rguUuBDNvJe0f+UFwdrLyejwycHrpXj9bbLtlXFmJpwzE
2BQUiMVYVfjk8sVfebvd5l5xfQDa7XhqVMOuVy7cYnuer7NmnMwYOgzDB3ubg9ja
4eDq6GxvaO4Q+DmCr/JWzy1Q46oVxet+27EHdIHwf2HqgTE34EeeLsJXHfKYHFQH
Fcy338rVkV4nJ9LeYXKzhQDI1zFLRmb3ddexEUNm/D1ucbGg4MxODVeJxDKwOE+Q
+iv5ed7O9CNswDbu7u+t
=cPrT
-----END PGP SIGNATURE-----

--- End Message ---