
Bug#1004689: marked as done (xterm: CVE-2022-24130)



Your message dated Tue, 01 Feb 2022 20:39:40 +0000
with message-id <E1nEzwC-000Fvl-Em@fasolo.debian.org>
and subject line Bug#1004689: fixed in xterm 370-2
has caused the Debian Bug report #1004689,
regarding xterm: CVE-2022-24130
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1004689: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004689
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: xterm
Version: 370-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

Hi,

The following vulnerability was published for xterm.

CVE-2022-24130[0]:
| xterm through Patch 370, when Sixel support is enabled, allows
| attackers to trigger a buffer overflow in set_sixel in
| graphics_sixel.c via crafted text.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-24130
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24130
[1] https://www.openwall.com/lists/oss-security/2022/01/30/2
[3] https://www.openwall.com/lists/oss-security/2022/01/30/3

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: xterm
Source-Version: 370-2
Done: Sven Joachim <svenjoac@gmx.de>

We believe that the bug you reported is fixed in the latest version of
xterm, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1004689@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sven Joachim <svenjoac@gmx.de> (supplier of updated xterm package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Tue, 01 Feb 2022 20:56:55 +0100
Source: xterm
Architecture: source
Version: 370-2
Distribution: unstable
Urgency: medium
Maintainer: Debian X Strike Force <debian-x@lists.debian.org>
Changed-By: Sven Joachim <svenjoac@gmx.de>
Closes: 1004689
Changes:
 xterm (370-2) unstable; urgency=medium
 .
   * Cherry-pick sixel graphics fixes from xterm 370d and 370f.
     - Check for out-of-bounds condition while drawing sixels, and quit
       that operation (report by Nick Black (CVE-2022-24130),
       Closes: #1004689).

--- End Message ---
