Your message dated Fri, 11 Jun 2021 09:47:07 +0000
with message-id <e1lrdkp-000bic...@fasolo.debian.org>
and subject line Bug#989041: fixed in eterm 0.9.6-5+deb10u1
has caused the Debian Bug report #989041,
regarding eterm: CVE-2021-33477
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
989041: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989041
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: eterm
Version: 0.9.6-6
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: found -1 0.9.6-5

Hi,

The following vulnerability was published for eterm.

Strictly speaking the severity to RC is overrated, but I think it is
sensible to make sure that the fix lands in bullseye. For buster the
issue is marked no-dsa and could be fixed via an upcoming point
release.

For reference see the rxvt-unicode fix (which disables the code).

CVE-2021-33477[0]:
| rxvt-unicode 9.22, rxvt 2.7.10, mrxvt 0.5.4, and Eterm 0.9.7 allow
| (potentially remote) code execution because of improper handling of
| certain escape sequences (ESC G Q). A response is terminated by a
| newline.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-33477
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33477

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: eterm
Source-Version: 0.9.6-5+deb10u1
Done: Utkarsh Gupta <utka...@debian.org>

We believe that the bug you reported is fixed in the latest version of
eterm, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 989...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Utkarsh Gupta <utka...@debian.org> (supplier of updated eterm package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 11 Jun 2021 01:16:57 +0530
Source: eterm
Architecture: source
Version: 0.9.6-5+deb10u1
Distribution: buster
Urgency: high
Maintainer: Debian QA Group <packa...@qa.debian.org>
Changed-By: Utkarsh Gupta <utka...@debian.org>
Closes: 989041
Changes:
 eterm (0.9.6-5+deb10u1) buster; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Add patch from rxvt-unicode to fix CVE-2021-33477.
     (Closes: #989041)

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--- End Message ---
