SOURCES: XFree86-xterm-can-2003-0063.patch (NEW)
Jakub Bogusz
qboosh w pld.org.pl
Czw, 15 Maj 2003, 10:02:31 CEST
On Thu, May 15, 2003 at 04:52:01AM +0200, kloczek wrote:
> Module name: SOURCES
> Changes by: kloczek 03/05/15 04:51:56
>
> Added files:
> XFree86-xterm-can-2003-0063.patch
>
> Log message:
> http://icat.nist.gov/icat.cfm?cvename=CAN-2003-0063:
> The xterm terminal emulator in XFree86 4.2.0 allows attackers to modify
> the window title via a certain character escape sequence and then insert
> it back to the command line in the user's terminal, e.g. when the user
> views a file containing the malicious sequence, which could allow the
> attacker to execute arbitrary commands.
Czy ta poprawka nie powinna w pierwszej kolejności trafić do XFree86
4.2.1, do ra/updates/security?
--
Jakub Bogusz http://cyber.cs.net.pl/~qboosh/
Więcej informacji o liście dyskusyjnej pld-devel-pl