Bug#1053189: bookworm-pu: package foot/1.13.1-2+deb12u1

To: Birger Schacht <birger@debian.org>, 1053189@bugs.debian.org
Subject: Bug#1053189: bookworm-pu: package foot/1.13.1-2+deb12u1
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Sat, 30 Sep 2023 18:05:49 +0100
Message-id: <[🔎] 730e7940aba18464fcc1e92a14ced3b8ca416424.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 1053189@bugs.debian.org
In-reply-to: <[🔎] 169596932994.5630.476440815092791736.reportbug@localhost>
References: <[🔎] 169596932994.5630.476440815092791736.reportbug@localhost> <[🔎] 169596932994.5630.476440815092791736.reportbug@localhost>

Control: tags -1 confirmed

On Fri, 2023-09-29 at 08:35 +0200, Birger Schacht wrote:
> The terminal emulator foot contains a vulnerability. The issue is
> that, if an XTGETTCAP escape sequence printed to the terminal
> contains newline characters, foot will echo the newline characters
> back into the PTY as part of the "invalid capability" response.
> (XTGETTCAP strings are supposed to be hex-encoded, so it's not valid
> for them to contain newline characters.) 
> 

Please go ahead.

Regards,

Adam

Reply to:

References:
- Bug#1053189: bookworm-pu: package foot/1.13.1-2+deb12u1
  - From: Birger Schacht <birger@debian.org>

Prev by Date: Processed: Re: Bug#1053189: bookworm-pu: package foot/1.13.1-2+deb12u1
Next by Date: Bug#1053219: bookworm-pu: package lemonldap-ng/2.16.1+ds-deb12u2
Previous by thread: Processed: Re: Bug#1053189: bookworm-pu: package foot/1.13.1-2+deb12u1
Next by thread: Bug#1053217: bookworm-pu: package freetype/2.12.1+dfsg-5+deb12u2
Index(es):
- Date
- Thread