Your message dated Thu, 10 Jun 2021 20:22:31 +0000
with message-id <e1lrrcb-000dfp...@fasolo.debian.org>
and subject line Bug#989041: fixed in eterm 0.9.6-6.1
has caused the Debian Bug report #989041,
regarding eterm: CVE-2021-33477
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
989041: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989041
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: eterm
Version: 0.9.6-6
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: found -1 0.9.6-5

Hi,

The following vulnerability was published for eterm.

Strictly speaking the severity to RC is overrated, but I think it is
sensible to make sure that the fix lands in bullseye. For buster the
issue is marked no-dsa and could be fixed via an upcoming point
release.

For reference see the rxvt-unicode fix (which disables the code).

CVE-2021-33477[0]:
| rxvt-unicode 9.22, rxvt 2.7.10, mrxvt 0.5.4, and Eterm 0.9.7 allow
| (potentially remote) code execution because of improper handling of
| certain escape sequences (ESC G Q). A response is terminated by a
| newline.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-33477
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33477

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: eterm
Source-Version: 0.9.6-6.1
Done: Utkarsh Gupta <utka...@debian.org>

We believe that the bug you reported is fixed in the latest version of
eterm, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 989...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Utkarsh Gupta <utka...@debian.org> (supplier of updated eterm package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 11 Jun 2021 01:11:10 +0530
Source: eterm
Architecture: source
Version: 0.9.6-6.1
Distribution: unstable
Urgency: high
Maintainer: José Antonio Jiménez Madrid <donjosemad...@gmail.com>
Changed-By: Utkarsh Gupta <utka...@debian.org>
Closes: 989041
Changes:
 eterm (0.9.6-6.1) unstable; urgency=high
 .
   * Non-maintainer upload.
   * Add patch from rxvt-unicode to fix CVE-2021-33477.
     (Closes: #989041)


--- End Message ---
