SOURCES: XFree86-xterm-can-2003-0063.patch (NEW)
Jakub Bogusz
qboosh at pld.org.pl
Thu May 15 10:02:31 CEST 2003
On Thu, May 15, 2003 at 04:52:01AM +0200, kloczek wrote:
> Module name: SOURCES
> Changes by: kloczek 03/05/15 04:51:56
>
> Added files:
> XFree86-xterm-can-2003-0063.patch
>
> Log message:
> http://icat.nist.gov/icat.cfm?cvename=CAN-2003-0063:
> The xterm terminal emulator in XFree86 4.2.0 allows attackers to modify
> the window title via a certain character escape sequence and then insert
> it back to the command line in the user's terminal, e.g. when the user
> views a file containing the malicious sequence, which could allow the
> attacker to execute arbitrary commands.
Czy ta poprawka nie powinna w pierwszej kolejności trafić do XFree86
4.2.1, do ra/updates/security?
--
Jakub Bogusz http://cyber.cs.net.pl/~qboosh/
More information about the pld-devel-pl
mailing list