Source: eterm
Version: 0.9.6-6
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: found -1 0.9.6-5

Hi,

The following vulnerability was published for eterm. Strictly speaking, raising the severity to RC is overrated, but I think it is sensible to make sure that the fix lands in bullseye. For buster the issue is marked no-dsa and could be fixed via an upcoming point release. For reference see the rxvt-unicode fix (which disables the code).

CVE-2021-33477[0]:
| rxvt-unicode 9.22, rxvt 2.7.10, mrxvt 0.5.4, and Eterm 0.9.7 allow
| (potentially remote) code execution because of improper handling of
| certain escape sequences (ESC G Q). A response is terminated by a
| newline.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-33477
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33477

Regards,
Salvatore
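As an added example (not part of the bug report above, and not code from Eterm, rxvt-unicode or Debian): a small Python check that locates the ESC G Q sequence named in the CVE text inside untrusted bytes before they are written to a terminal, and makes it inert. It assumes the sequence is the literal three bytes ESC (0x1b), 'G', 'Q'; the sample log data is constructed for the example.

```python
"""Scan untrusted bytes for the ESC G Q escape sequence before they reach a terminal."""
from typing import List

ESC = b"\x1b"
# Assumed encoding of the sequence named in CVE-2021-33477: ESC, 'G', 'Q'.
ESC_G_Q = ESC + b"GQ"


def find_esc_g_q(data: bytes) -> List[int]:
    """Return the byte offset of every ESC G Q occurrence in data."""
    offsets: List[int] = []
    start = 0
    while True:
        idx = data.find(ESC_G_Q, start)
        if idx < 0:
            return offsets
        offsets.append(idx)
        start = idx + len(ESC_G_Q)


def neutralize(data: bytes) -> bytes:
    """Make every ESC G Q inert by replacing its ESC byte with a visible '^['.

    Only the sequence from the advisory is rewritten; other escape sequences
    (colours, cursor movement) are left alone so ordinary output still renders.
    """
    return data.replace(ESC_G_Q, b"^[GQ")


def is_safe_to_print(data: bytes) -> bool:
    """True when data contains no ESC G Q sequence."""
    return not find_esc_g_q(data)


# Constructed sample: log lines with the sequence embedded in a request path.
SAMPLE = (
    b"GET /index.html 200\n"
    + b"GET /" + ESC_G_Q + b"evil 404\n"
    + b"plain line\n"
)

if __name__ == "__main__":
    print("ESC G Q found at offsets:", find_esc_g_q(SAMPLE))
    print(neutralize(SAMPLE).decode("ascii"), end="")
```

A sanitizer like this belongs wherever attacker-controlled text (log files, remote banners, user-supplied names) is echoed to a terminal; it only covers the one sequence the advisory names, so it complements rather than replaces the terminal-side fix the report refers to.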