Univention Bugzilla – Bug 54603
xterm: Multiple issues (5.0)
Last modified: 2022-03-30 12:41:39 CEST
New Debian xterm 344-1+deb10u2 fixes:
This update addresses the following issue:
* Buffer overflow in set_sixel in graphics_sixel.c (CVE-2022-24130)
--- mirror/ftp/pool/main/x/xterm/xterm_344-1+deb10u1.dsc +++ apt/ucs_5.0-0-errata5.0-1/source/xterm_344-1+deb10u2.dsc @@ -1,3 +1,10 @@ +344-1+deb10u2 [Mon, 07 Feb 2022 20:05:11 +0100] Sven Joachim <svenjoac@gmx.de>: + + * Cherry-pick sixel graphics fixes from xterm 370d and 370f. + - Check for out-of-bounds condition while drawing sixels, and quit + that operation (report by Nick Black (CVE-2022-24130), + Closes: #1004689). + 344-1+deb10u1 [Sun, 07 Mar 2021 17:53:16 +0100] Sven Joachim <svenjoac@gmx.de>: * Apply upstream fix from xterm 366 for CVE-2021-27135. <http://piuparts.knut.univention.de/5.0-1/#3266294135647348622>
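Review bot: The new 344-1+deb10u2 entry names two upstream sources (xterm 370d and 370f) but records only one sub-item, the out-of-bounds check while drawing sixels, so the changelog does not show which change comes from which upstream patch level or whether the 370f part covers anything beyond CVE-2022-24130. Suggest one sub-item per cherry-picked upstream change, each naming the patch file that carries it, so the erratum can be audited against upstream and against Debian bug #1004689.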
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts
<https://errata.software-univention.de/#/?erratum=5.0x276>