Bug#984615: xterm: bug in CVE-2021-27135 patch in at least stretch

To: Utkarsh Gupta <utkarsh@debian.org>
Cc: 984615@bugs.debian.org, Sven Joachim <svenjoac@gmx.de>, "Thomas E. Dickey" <dickey@his.com>
Subject: Bug#984615: xterm: bug in CVE-2021-27135 patch in at least stretch
From: Thorsten Glaser <tg@mirbsd.de>
Date: Sat, 20 Mar 2021 17:27:42 +0000 (UTC)
Message-id: <[🔎] Pine.BSM.4.64L.2103201706240.21359@herc.mirbsd.org>
Reply-to: Thorsten Glaser <tg@mirbsd.de>, 984615@bugs.debian.org
In-reply-to: <CAPP0f94boM55htNN2S7L9=vp4L-Teyow4Mj0wXruq2Xj4befsQ@mail.gmail.com>
References: <[🔎] CAPP0f95m95SBuskPhL5XjG91MbNG_wDV74ZMsbejqvys5ccDiA@mail.gmail.com> <[🔎] 87im646uq6.fsf@turtle.gmx.de> <[🔎] Pine.BSM.4.64L.2103052043370.10313@herc.mirbsd.org> <[🔎] Pine.BSM.4.64L.2103061804080.4852@herc.mirbsd.org> <[🔎] 20210306193522.GA9209@prl-debianold-64.jexium-island.net> <CAPP0f94boM55htNN2S7L9=vp4L-Teyow4Mj0wXruq2Xj4befsQ@mail.gmail.com> <[🔎] Pine.BSM.4.64L.2103052043370.10313@herc.mirbsd.org>

Utkarsh Gupta dixit:

>Thanks to Thomas for his help, I've uploaded a fix for this regression
>(by reverting the backport of that part of the patch which was not
>necessary

It’s got some memory impact, but probably neglegible here, true.

> for this CVE fix). And thanks to Thorsten for his
>comprehensive bug report and to Sven for further debugging and taking
>a look.

You’re welcome.

>Thorsten, could you please test the latest upload and see if
>everything works alright for you?

I don’t actally have a testcase, I’ve just noticed that this is wrong
when trying to backport the patch further myself.

But it won’t hit the bug now.

bye,
//mirabilos
-- 
„Cool, /usr/share/doc/mksh/examples/uhr.gz ist ja ein Grund,
mksh auf jedem System zu installieren.“
	-- XTaran auf der OpenRheinRuhr, ganz begeistert
(EN: “[…]uhr.gz is a reason to install mksh on every system.”)

Reply to:

Follow-Ups:
- Bug#984615: xterm: bug in CVE-2021-27135 patch in at least stretch
  - From: Utkarsh Gupta <utkarsh@debian.org>

References:
- Bug#984615: xterm: bug in CVE-2021-27135 patch in at least stretch
  - From: Utkarsh Gupta <utkarsh@debian.org>
- Bug#984615: xterm: bug in CVE-2021-27135 patch in at least stretch
  - From: Sven Joachim <svenjoac@gmx.de>
- Bug#984615: xterm: bug in CVE-2021-27135 patch in at least stretch
  - From: Thorsten Glaser <tg@mirbsd.de>
- Bug#984615: xterm: bug in CVE-2021-27135 patch in at least stretch
  - From: Thorsten Glaser <tg@mirbsd.de>
- Bug#984615: xterm: bug in CVE-2021-27135 patch in at least stretch
  - From: Thomas Dickey <dickey@his.com>

Prev by Date: Bug#984615: marked as done (xterm: bug in CVE-2021-27135 patch in at least stretch)
Next by Date: Bug#984615: xterm: bug in CVE-2021-27135 patch in at least stretch
Previous by thread: Bug#984615: xterm: bug in CVE-2021-27135 patch in at least stretch
Next by thread: Bug#984615: xterm: bug in CVE-2021-27135 patch in at least stretch
Index(es):
- Date
- Thread