Your message dated Tue, 30 Aug 2011 01:55:17 +0000
with message-id <[email protected]>
and subject line Bug#629688: fixed in vte 1:0.24.3-3
has caused the Debian Bug report #629688,
regarding libvte9: malicious escape sequence causes gnome-terminal to crash
(memory consumption DoS)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
629688: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629688
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libvte9
Version: 1:0.24.3-2
Severity: important
When passing a huge value to the "insert-blank-characters" capability
(defined in caps.c), gnome-terminal crashes (and maybe other terminals
that depend on libvte9).
$ cat -n vte-0.24.3/src/caps.c:
[...]
418 {CSI "%d@", "insert-blank-characters", 0},
To reproduce the crash:
$ printf "\033[100000000000000000@" > /tmp/x
$ cat /tmp/x
A sub-function calls the "brk()" syscall until process memory is
entirely consumed:
$ strace -e brk -f gnome-terminal --disable-factory -x cat /tmp/x
Maybe this parameter value should be checked?
I wrote a small patch that checks this value inside the
vte_sequence_handler_multiple() function in the vte-0.24.3/src/vteseq.c
file. Let me know if you're interested.
Tested on Debian Release 6.0.1, kernel 2.6.32-5-amd64, gnome-terminal
2.30.2-1.
--- End Message ---
--- Begin Message ---
Source: vte
Source-Version: 1:0.24.3-3
We believe that the bug you reported is fixed in the latest version of
vte, which is due to be installed in the Debian FTP archive:
libvte-common_0.24.3-3_all.deb
to main/v/vte/libvte-common_0.24.3-3_all.deb
libvte-dev_0.24.3-3_amd64.deb
to main/v/vte/libvte-dev_0.24.3-3_amd64.deb
libvte-doc_0.24.3-3_all.deb
to main/v/vte/libvte-doc_0.24.3-3_all.deb
libvte9-udeb_0.24.3-3_amd64.udeb
to main/v/vte/libvte9-udeb_0.24.3-3_amd64.udeb
libvte9_0.24.3-3_amd64.deb
to main/v/vte/libvte9_0.24.3-3_amd64.deb
python-vte_0.24.3-3_amd64.deb
to main/v/vte/python-vte_0.24.3-3_amd64.deb
vte_0.24.3-3.debian.tar.gz
to main/v/vte/vte_0.24.3-3.debian.tar.gz
vte_0.24.3-3.dsc
to main/v/vte/vte_0.24.3-3.dsc
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Josselin Mouette <[email protected]> (supplier of updated vte package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Thu, 18 Aug 2011 16:17:27 +0200
Source: vte
Binary: libvte9 libvte9-udeb libvte-dev libvte-common python-vte libvte-doc
Architecture: source all amd64
Version: 1:0.24.3-3
Distribution: stable
Urgency: low
Maintainer: Guilherme de S. Pastore <[email protected]>
Changed-By: Josselin Mouette <[email protected]>
Description:
libvte-common - Terminal emulator widget for GTK+ 2.0 - common files
libvte-dev - Terminal emulator widget for GTK+ 2.0 - development files
libvte-doc - Terminal emulator widget for GTK+ 2.0 - documentation
libvte9 - Terminal emulator widget for GTK+ 2.0 - runtime files
libvte9-udeb - Terminal emulator widget for GTK+ 2.0 - minimal runtime (udeb)
python-vte - Python bindings for the VTE widget set
Closes: 629688
Changes:
vte (1:0.24.3-3) stable; urgency=low
.
* 01_CVE-2011-2198.patch: taken from upstream git. Fixes memory
exhaustion vulnerability. Closes: #629688, CVE-2011-2198.
Checksums-Sha1:
ce89cf2e576d0cf2b0afe2d48e4ef484755306e0 1652 vte_0.24.3-3.dsc
fc461d7304425d04a5bc93d8efed8adb8919b539 86057 vte_0.24.3-3.debian.tar.gz
ebaec8479fa2daf3897fdb8d91d84889f3c7a431 415980 libvte-common_0.24.3-3_all.deb
ab57d773b60937cf931e04a37139cca7dbe8d531 395314 libvte-doc_0.24.3-3_all.deb
10c6a58039cec11c23422fa505a16708fdeb6df8 914900 libvte9_0.24.3-3_amd64.deb
06eb4e542e0d3c557d7025fb77793649110dfbac 323472
libvte9-udeb_0.24.3-3_amd64.udeb
2735567f6e91cdf33f9ee95d6eba28a570cb6de9 721902 libvte-dev_0.24.3-3_amd64.deb
6b6c09a00a8b8866ae75e181ce08d4985173f952 387044 python-vte_0.24.3-3_amd64.deb
Checksums-Sha256:
7e0ce00ce7e5f0add472bd90a5d950343897e091b6ddc768cef29c7bdb079c35 1652
vte_0.24.3-3.dsc
12767331670add4b46de6e359be2f61ae6e21ca3632aedf2b429a34f4cd5e9c0 86057
vte_0.24.3-3.debian.tar.gz
7774545e43b498c105d7b2a32226f4fa4096b36101ddf8815b6d0d6f39ffe308 415980
libvte-common_0.24.3-3_all.deb
43f6a108f083cf51353fcd782974716ad8ae0f60c8b78e6b8f1bd8decd38ff98 395314
libvte-doc_0.24.3-3_all.deb
7ed9820e2e1f54d5a74a7bc0076101f016b605aa0a94e8ac5318b03c0d728961 914900
libvte9_0.24.3-3_amd64.deb
3571abf64d148e387fbe22c006d91323b13ed244e0aefd03e3af0414f8c8c3f5 323472
libvte9-udeb_0.24.3-3_amd64.udeb
bdb691f23c4e4912a8a445773ffab13ed22858f98b9323731cf27d05cb7ece1c 721902
libvte-dev_0.24.3-3_amd64.deb
6b7575970c6b2aae96bdb620b1991b0e39a29e2b5e62576e35433443ebc42aed 387044
python-vte_0.24.3-3_amd64.deb
Files:
2377808c000f634e72bfd92e180135db 1652 libs optional vte_0.24.3-3.dsc
0c9af366d1e3f54c20682719029712d9 86057 libs optional vte_0.24.3-3.debian.tar.gz
2edd9b6ef701d6b1341b03e2247d8cef 415980 libs optional
libvte-common_0.24.3-3_all.deb
c08d452850c9733662ed1bbc0cbc65c4 395314 doc optional
libvte-doc_0.24.3-3_all.deb
b78ed14ea8e1569651b869661a01c519 914900 libs optional
libvte9_0.24.3-3_amd64.deb
00ea104ba17708304f920a4e5ed6fcc3 323472 debian-installer extra
libvte9-udeb_0.24.3-3_amd64.udeb
13bdf1883b5ce4e765f2c45842e25c9b 721902 libdevel optional
libvte-dev_0.24.3-3_amd64.deb
76db9529d000eaa4173356526ba43630 387044 python optional
python-vte_0.24.3-3_amd64.deb
Package-Type: udeb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iD8DBQFOW/1drSla4ddfhTMRAhBAAKDd//wrm5qRDh2AvO/Eu7SSrKz4jgCghu+V
lnOGo+i8szwNtL+SUlEMhow=
=iLFH
-----END PGP SIGNATURE-----
--- End Message ---