Bug#982439: marked as done (xterm: CVE-2021-27135: crash when selecting specially crafted UTF-8 character sequence)

["Debian Bug Tracking System" <owner@bugs.debian.org>]

Your message dated Thu, 11 Feb 2021 09:48:24 +0000
with message-id <E1lA8aG-00062W-BX@fasolo.debian.org>
and subject line Bug#982439: fixed in xterm 366-1
has caused the Debian Bug report #982439,
regarding xterm: CVE-2021-27135: crash when selecting specially crafted UTF-8 character sequence
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
982439: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982439
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: xterm: crash when selecting specially crafted UTF-8 character sequence
• From: Salvatore Bonaccorso <carnil@debian.org>
• Date: Wed, 10 Feb 2021 11:28:43 +0100
• Message-id: <[🔎] 161295292386.117922.16944037630282150577.reportbug@eldamar.lan>

Source: xterm
Version: 365-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

Hi

See https://www.openwall.com/lists/oss-security/2021/02/09/7 which was
a followup to the screen issue.

Upstream said that there will be shortly a patch released (#366), cf.
https://www.openwall.com/lists/oss-security/2021/02/09/9

Regards,
Salvatore

--- End Message ---

--- Begin Message ---

• To: 982439-close@bugs.debian.org
• Subject: Bug#982439: fixed in xterm 366-1
• From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
• Date: Thu, 11 Feb 2021 09:48:24 +0000
• Message-id: <E1lA8aG-00062W-BX@fasolo.debian.org>
• Reply-to: Julien Cristau <jcristau@debian.org>

Source: xterm
Source-Version: 366-1
Done: Julien Cristau <jcristau@debian.org>

We believe that the bug you reported is fixed in the latest version of
xterm, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 982439@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Julien Cristau <jcristau@debian.org> (supplier of updated xterm package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 11 Feb 2021 10:31:09 +0100
Source: xterm
Architecture: source
Version: 366-1
Distribution: unstable
Urgency: medium
Maintainer: Debian X Strike Force <debian-x@lists.debian.org>
Changed-By: Julien Cristau <jcristau@debian.org>
Closes: 982439
Changes:
 xterm (366-1) unstable; urgency=medium
 .
   * New upstream release
     - correct upper-limit for selection buffer, accounting for combining
       characters (report/testcase by Tavis Ormandy).  Closes: #982439
Checksums-Sha1:
 10400871769e16c853ad139165d8347909f4184c 2478 xterm_366-1.dsc
 1ec2fc8b5ee63d5a0d1c69cf7898624f280f6342 1445992 xterm_366.orig.tar.gz
 6a413f3b2eecf76815e40ade93b146a99f7eea75 265 xterm_366.orig.tar.gz.asc
 e83522fb158ca1b6c18dc0bd0f84c4daf02edfd1 112760 xterm_366-1.debian.tar.xz
Checksums-Sha256:
 9a00bc253f1e4422a2c5dfc3aded6ae0864c2537e8a3ad7bff8975a80c691c7a 2478 xterm_366-1.dsc
 858b2885963fe97e712739066aadc1baeba2b33a0016303a7fec7d38bc73bf6e 1445992 xterm_366.orig.tar.gz
 a7cbbc6bf7c1de5d8414c4c5d109aff733f1846ed8d2dea4fba2980126cf8896 265 xterm_366.orig.tar.gz.asc
 fe86ea2728bc07c5bbac53fdddc95f71b700a1e1452f7d2312e248a18a34bf3d 112760 xterm_366-1.debian.tar.xz
Files:
 53c768f6643bdd07bc88ce35cafc6105 2478 x11 optional xterm_366-1.dsc
 defa46224efc2384f030750ceb2252ec 1445992 x11 optional xterm_366.orig.tar.gz
 4d95cf7d665bb8e34552a1fdb0837e49 265 x11 optional xterm_366.orig.tar.gz.asc
 3a1d741fe6a86809c20ddcb7cc747332 112760 x11 optional xterm_366-1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQJIBAEBCgAyFiEEVXgdqzTmGgnvuIvhnbAjVVb4z60FAmAk+tcUHGpjcmlzdGF1
QGRlYmlhbi5vcmcACgkQnbAjVVb4z62btA//YlLctH5H1XCE48h3TmePxs+hQaUG
CyEAaktywzcx4wt6OrAarWiZWuHf9uVNS1GClW2+QjpjigtyCNh63qyKRP3Lt05z
xVSPNamW4Kausj0BsVVdelQptQVxvxGGKuzFR602HYvOMfLzODJ4B2sBqwGE7CnG
aiSPrwd+59qMAILq4A1jntOPDMaMPMKCGXzunTYNkftlmJ06gP6kXl1KXG2FMTtz
HvQH/yz1F6GeJklEdl2olL7pbWDCb24p0jFn7PmXAYlAR2DsGXMlTjRejOaXUcS7
qGn9tnMARROfx++CodKckdF1OJt8H6j7CgPDUmXmwfvqpW9lVtWXKWt6PxP+UzHX
54+3neb56+fww42vCskmDJM3FfdCam3IanhXd2/4YApuMI6MLcO5bh/JYBBg7KnK
nbQFL/cioe5kAH81jUdjRIbS4v/v5WZr8s2/2VMZSBeVee1YAvhl8Ie0vUWY042k
DDXgfJ9Ex9t6h6WM9HTnnb3FIS9Ub/cpPMAfyIWI4bMIQlKb+rd2ei4WIgxU0Nl+
2puC2EEpW7E2QzLWv39ZlO0x9rBzW2+R7LlN2uUZccfsV+EExh1b8+jxHH05/kUf
A8B7aCIrO7rqA3ea0i2KrU0wdJa61aasV3Uef35D6d6J6vfBRAJUgz3jaOviYtT5
BVzWY3Y+Uiqiim4=
=csEW
-----END PGP SIGNATURE-----

--- End Message ---