Bug#982439: marked as done (xterm: CVE-2021-27135: crash when selecting specially crafted UTF-8 character sequence)

To: Sven Joachim <svenjoac@gmx.de>
Subject: Bug#982439: marked as done (xterm: CVE-2021-27135: crash when selecting specially crafted UTF-8 character sequence)
From: "Debian Bug Tracking System" <owner@bugs.debian.org>
Date: Sun, 14 Mar 2021 10:06:05 +0000
Message-id: <[🔎] handler.982439.D982439.16157161312072.ackdone@bugs.debian.org>
Reply-to: 982439@bugs.debian.org
References: <E1lLNZa-000Cw1-LN@fasolo.debian.org> <161295292386.117922.16944037630282150577.reportbug@eldamar.lan>

Your message dated Sun, 14 Mar 2021 10:02:10 +0000
with message-id <E1lLNZa-000Cw1-LN@fasolo.debian.org>
and subject line Bug#982439: fixed in xterm 344-1+deb10u1
has caused the Debian Bug report #982439,
regarding xterm: CVE-2021-27135: crash when selecting specially crafted UTF-8 character sequence
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
982439: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982439
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: xterm: crash when selecting specially crafted UTF-8 character sequence

From: Salvatore Bonaccorso <carnil@debian.org>

Date: Wed, 10 Feb 2021 11:28:43 +0100

Message-id: <161295292386.117922.16944037630282150577.reportbug@eldamar.lan>
Source: xterm
Version: 365-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

Hi

See https://www.openwall.com/lists/oss-security/2021/02/09/7 which was
a followup to the screen issue.

Upstream said that there will be shortly a patch released (#366), cf.
https://www.openwall.com/lists/oss-security/2021/02/09/9

Regards,
Salvatore
--- End Message ---

--- Begin Message ---

To: 982439-close@bugs.debian.org
Subject: Bug#982439: fixed in xterm 344-1+deb10u1
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Sun, 14 Mar 2021 10:02:10 +0000
Message-id: <E1lLNZa-000Cw1-LN@fasolo.debian.org>
Reply-to: Sven Joachim <svenjoac@gmx.de>

Source: xterm
Source-Version: 344-1+deb10u1
Done: Sven Joachim <svenjoac@gmx.de>

We believe that the bug you reported is fixed in the latest version of
xterm, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 982439@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sven Joachim <svenjoac@gmx.de> (supplier of updated xterm package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 07 Mar 2021 17:53:16 +0100
Source: xterm
Architecture: source
Version: 344-1+deb10u1
Distribution: buster
Urgency: medium
Maintainer: Debian X Strike Force <debian-x@lists.debian.org>
Changed-By: Sven Joachim <svenjoac@gmx.de>
Closes: 982439
Changes:
 xterm (344-1+deb10u1) buster; urgency=medium
 .
   * Apply upstream fix from xterm 366 for CVE-2021-27135.
     - Correct upper-limit for selection buffer, accounting for combining
       characters (Closes: #982439).
Checksums-Sha1:
 882822c87c8a76c7f34223a8b30f44e8d7168e41 2438 xterm_344-1+deb10u1.dsc
 aa229854ee7ecaf8e446ad7cd3a3139b722e8bf8 109504 xterm_344-1+deb10u1.debian.tar.xz
 b5b42f9331ab686f769f7d84bd4f26b1891d1ed0 7424 xterm_344-1+deb10u1_source.buildinfo
Checksums-Sha256:
 e927be78c44377bf4241602c9a964af7903db039f34f03c3879c017a883c3717 2438 xterm_344-1+deb10u1.dsc
 d4d339ff8a08536da6664c803c75d8aeacb8b125519d2d302c0c7cbf2e2c7376 109504 xterm_344-1+deb10u1.debian.tar.xz
 6d365ffb046bfec59e266987baa84c4baa767c4c2a6f908cd0e4b9eeb6088e4b 7424 xterm_344-1+deb10u1_source.buildinfo
Files:
 88073262690160406dad54c1f1dee004 2438 x11 optional xterm_344-1+deb10u1.dsc
 e640241c9a0bb1c3734a3ae015a1577b 109504 x11 optional xterm_344-1+deb10u1.debian.tar.xz
 6e472a893e9c94f56af103f47fbb614b 7424 x11 optional xterm_344-1+deb10u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEKF8heKgv5Jai5p4QOxBucY1rMawFAmBFB5kACgkQOxBucY1r
Maxnpw//cJEMphhT5EXxtyBxN9oY/Suw1oeLO4eW1XSw/ePCMwlSVjCGTc1uLh3N
VhxahzbU5qYdgO0bDhEf5eGeZvWpUukeoQRFPVn0caie6xJLZFgRmDl1WX36NyZk
HLIgN3VV6DZoMv57jtu1Ps0WE2gXFYn44UpdkXrkuzmAmkCE2U0LeZNvSiJvHbQb
iD8WyMhEtiAwcRaHNjnLTbBP6/SPGiTgMvrOCYetqdDpWxj80EhyuWI3HLDV5kWm
Q1jUL8XjabDl5GP0okaPHq97UBrXP6H0YdnwciBd9rakGChSWXriK0J7tOQltDM2
ZUOi+bsQp3n6Ewuu2bn00W61edGVWYJc2Ih1JQoRrisoqKMzJT0LGCDv1E8vyPxc
xIBrFxuQL35MEaxr0Q061ToALQmzBNfCcpIGU9jtU5Icf80YAGylOuT+mhGECpi3
bOhMPQX+tVwiKfnk+vrqZG6AbC+/HemB0K+t4ctLErdvwDkIpAepnIpbT5X6KzB5
r9SCNk6KR+JwufHNPuw5Xuy1SHCYvs9TpeP6By+yqf1QoA5X3/dh8JWaiVjKvvcd
BVh4jfAhTVBkF1xqfLd9ojlpcjmiE+cIvCSqkS6zm6El3x4cSyLzGVQP/NSmapyQ
v57H7zfnN8LILq1yb4DdAKuSyXgsGAlhD21Q94Pvl03HElJZVN0=
=ahtE
-----END PGP SIGNATURE-----

--- End Message ---

Reply to:

Prev by Date: xterm_344-1+deb10u1_source.changes ACCEPTED into proposed-updates->stable-new
Next by Date: xterm_344-1+deb10u1_source.changes ACCEPTED into proposed-updates->stable-new, proposed-updates
Previous by thread: xterm_344-1+deb10u1_source.changes ACCEPTED into proposed-updates->stable-new
Next by thread: xterm_344-1+deb10u1_source.changes ACCEPTED into proposed-updates->stable-new, proposed-updates
Index(es):
- Date
- Thread