On Sun, Aug 10, 2025 at 07:37:18PM -0400, Thomas Dickey wrote:
> On Mon, Aug 11, 2025 at 01:09:26AM +0200, Vincent Lefevre wrote:
> > Package: xterm
> > Version: 398-1
> > Severity: important
> > Tags: security upstream
> > X-Debbugs-Cc: Debian Security Team <team@security.debian.org>
> >
> > I've just noticed that it is very easy to make xterm crash with
> > some binary data:
> >
> > /usr/bin/xterm -e 'printf "\x9a\x85\x08"; sleep 2'
>
> It's not so easy (I don't see it breaking for me, and I don't see an issue
> using asan2 or valgrind, in a recompile).

...that was with Debian/testing and 13.

Actually current xterm is #401. I made a fix in #399 which may prevent
this particular example from whatever it's doing wrong, but unless I'm
able to reproduce it, there's no possible analysis (and the severity
doesn't apply unless it's demonstrated to be affecting multiple people).

--
Thomas E. Dickey <dickey@invisible-island.net>
https://invisible-island.net