On Sun, Aug 10, 2025 at 07:37:18PM -0400, Thomas Dickey wrote:
> On Mon, Aug 11, 2025 at 01:09:26AM +0200, Vincent Lefevre wrote:
> > Package: xterm
> > Version: 398-1
> > Severity: important
> > Tags: security upstream
> > X-Debbugs-Cc: Debian Security Team <[email protected]>
> > 
> > I've just noticed that it is very easy to make xterm crash with
> > some binary data:
> > 
> >   /usr/bin/xterm -e 'printf "\x9a\x85\x08"; sleep 2'
> 
> It's not so easy (I don't see it breaking for me, and I don't see an issue
> using asan2 or valgrind, in a recompile).

...that was with Debian/testing and 13.  Actually current xterm is #401.
I made a fix in #399 which may prevent this particular example from whatever
it's doing wrong, but unless I'm able to reproduce it, there's no possible
analysis (and the severity doesn't apply unless it's demonstrated to be
affecting multiple people).

-- 
Thomas E. Dickey <[email protected]>
https://invisible-island.net
