severity 200857 normal
thanks
On Fri, Jul 11, 2003 at 11:52:19AM +0100, Daniel Silverstone wrote:
> Package: xterm
> Version: 4.2.1-9
> Severity: important
>
> With the most recent update I performed to my laptop, xterm has ceased
> responding in any way to the dtterm sequence
>
> ESC [ 2 1 t
>
> Which should cause xterm to respond on the pty with the OSI sequence for
> the current xterm's title.
>
> This causes various programs to lock-up unless you invoke them with TERM set
> to something non xtermish. One such program is dbishell.
>
> If xterm's functionality in this respect was disabled as it was in PuTTY's
> terminal emulator, then could we please have some documentation on how to
> re-enable it if we want to?
This change was deliberate, because the behavior of that escape sequence
is regarded as a security vulnerability.
The package changelog for XFree86 4.2.1-9 says the following:
* patch #093: new; SECURITY: disable window title reporting to work around
potentially malicious text being spewed to terminal window
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0063>
Please read the linked URL for more information.
--
G. Branden Robinson | One doesn't have a sense of humor.
Debian GNU/Linux | It has you.
branden@debian.org | -- Larry Gelbart
http://people.debian.org/~branden/ |
Attachment:
pgp8vHKD0ruZg.pgp
Description: PGP signature