Bug#983051: buster-pu: package xterm/344-1+deb10u1
Control: tags -1 + confirmed
On Sun, 2021-03-07 at 18:21 +0100, Sven Joachim wrote:
> On 2021-02-18 17:54 +0100, Sven Joachim wrote:
[...]
> > I would like to fix bug #982439/CVE-2021-27135[1] in Buster, a
> > potential
> > DoS against xterm when the user selects specially crafted
> > text. The fix
> > is already in testing and applies unmodified to the version in
> > Buster,
> > the code in question had not seen any changes since then. The
> > xterm
> > package in Stretch-LTS has also already been patched.
>
> It turned out that the patch was insufficient and introduced new
> problems reported in bug #984615. Fortunately, upstream had already
> fixed it in xterm 365e/366.
>
> Please find an updated debdiff attached, with it the SaltTextAway()
> function in question is identical to the one in xterm 366
> (bullseye/sid). Apologies for not having tested the initial patch
> thoroughly enough.
>
Please go ahead.
Regards,
Adam
Reply to: