You might be right that the remaining ones that slip through your regex
are mere "nuisance"s. But you know how those things go - one man's
nuisance is another man's vuln. Some of those, anyhow, are implemented
by the Linux console driver.
Why not just take the tried and true "safe" route, as imple
Hi,
Could you elaborate which codes in that manpage you feel are dangerous
and are actually implemented by the common terminals? The old screendump
and window title codes were disabled long ago, I'm not sure any of the
others are anything other than a nuisance.
--
You received this bug notificat
I'm not convinced that really cuts it. Namely, from the diff:
-print(" %s" % (info["description"] or ""))
+# strip ANSI escape sequences
+description = re.sub(r"(\x9B|\x1B\[)[0-?]*[ -/]*[@-~]",
+ "", info["description"] or "")
+
+print("
This bug was fixed in the package software-properties - 0.96.24.32.14
---
software-properties (0.96.24.32.14) bionic-security; urgency=medium
* SECURITY UPDATE: malicious repo could send ANSI sequences to terminal
(LP: #1890286)
- add-apt-repository: strip ANSI sequences fro
This bug was fixed in the package software-properties - 0.98.9.2
---
software-properties (0.98.9.2) focal-security; urgency=medium
* SECURITY UPDATE: malicious repo could send ANSI sequences to terminal
(LP: #1890286)
- add-apt-repository: strip ANSI sequences from the descr
Thanks Jason, please use CVE-2020-15709 for this issue.
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-15709
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1890286
Title:
ansi esc
