Your message dated Sat, 03 May 2014 21:22:02 +0000
with message-id <[email protected]>
and subject line Bug#746593: fixed in rxvt-unicode 9.20-1
has caused the Debian Bug report #746593,
regarding rxvt-unicode: CVE-2014-3121: user-assisted arbitrary commands
execution
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
746593: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746593
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: rxvt-unicode
Severity: grave
Tags: security upstream fixed-upstream
Justification: user security hole
Hi,
the following vulnerability was published for rxvt-unicode.
CVE-2014-3121[0]:
user-assisted arbitrary commands execution
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3121
https://security-tracker.debian.org/tracker/CVE-2014-3121
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: rxvt-unicode
Source-Version: 9.20-1
We believe that the bug you reported is fixed in the latest version of
rxvt-unicode, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Ryan Kavanagh <[email protected]> (supplier of updated rxvt-unicode package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 02 May 2014 10:01:13 -0400
Source: rxvt-unicode
Binary: rxvt-unicode rxvt-unicode-ml rxvt-unicode-256color rxvt-unicode-lite
Architecture: source amd64
Version: 9.20-1
Distribution: unstable
Urgency: high
Maintainer: Ryan Kavanagh <[email protected]>
Changed-By: Ryan Kavanagh <[email protected]>
Description:
rxvt-unicode - RXVT-like terminal emulator with Unicode support
rxvt-unicode-256color - multi-lingual terminal emulator with Unicode support
for X11
rxvt-unicode-lite - RXVT-like terminal emulator with basic Unicode support
rxvt-unicode-ml - multi-lingual terminal emulator -- transitional package
Closes: 746593
Changes:
rxvt-unicode (9.20-1) unstable; urgency=high
.
* Imported Upstream version 9.20 (Closes: #746593)
+ This fixes a user-assisted arbitrary commands execution vulnerability
that could be exploited using certain escape sequences in a crafted text
file or program output (CVE-2014-3121)
* Update copyright holders
Checksums-Sha1:
30ba726f680bd600092ede8e4234dca1f3955192 3381 rxvt-unicode_9.20-1.dsc
6214c7893a8c968936103e255a1d3d1e9868abf9 916598 rxvt-unicode_9.20.orig.tar.bz2
965dfdd723dff0cdebc5a509a193802e4b47194d 28432
rxvt-unicode_9.20-1.debian.tar.xz
a97a32d8aa7ad92ab6a48d4780c9f01019e3db6b 729254 rxvt-unicode_9.20-1_amd64.deb
370d84a9dc04c7cdc745144bfc69faf6ab8251c9 48026 rxvt-unicode-ml_9.20-1_amd64.deb
b5d11b1c3f7ab0afcdcf9ed9e577eb56484e566c 732828
rxvt-unicode-256color_9.20-1_amd64.deb
95b2ca1834d4df329315a7da5b90e97567831371 496762
rxvt-unicode-lite_9.20-1_amd64.deb
Checksums-Sha256:
b1f4cf357b8bd68ff0fa9c6fb0a4a4af9bd729c59e0be8ed602a1578ee365b02 3381
rxvt-unicode_9.20-1.dsc
e73e13fe64b59fd3c8e6e20c00f149d388741f141b8155e4700d3ed40aa94b4e 916598
rxvt-unicode_9.20.orig.tar.bz2
081cbf28540232ba02026930082f95206c5a4d596cc126dccb3015b69bc2a6df 28432
rxvt-unicode_9.20-1.debian.tar.xz
21a9c9169ce4a38b86fd39c53431e354a5279ac4b8e00dce068a134ad14f012f 729254
rxvt-unicode_9.20-1_amd64.deb
fcfff3b214676e781f5ca20bd89fd6cef63181161c1f32b21c1e76d3d86d49ff 48026
rxvt-unicode-ml_9.20-1_amd64.deb
b460c06328fe99b1218152d1c8dc4eb3d9b313f0bc84bdd4ab864dddff853618 732828
rxvt-unicode-256color_9.20-1_amd64.deb
940a99d0b0809636626d18169677b1fc430a5ad12e853983860b64659d97e2e6 496762
rxvt-unicode-lite_9.20-1_amd64.deb
Files:
d5b821da221c582b6d2bbdc7942cb5a0 729254 x11 optional
rxvt-unicode_9.20-1_amd64.deb
5f8275c2554b1170b11a16a8e1eda83a 48026 oldlibs extra
rxvt-unicode-ml_9.20-1_amd64.deb
aa6e18016467aa5accc8adefff01c9b3 732828 x11 optional
rxvt-unicode-256color_9.20-1_amd64.deb
a531c85a42b1fd699c3001e616821adb 496762 x11 optional
rxvt-unicode-lite_9.20-1_amd64.deb
3a5205bffdd6538b2c6d80aea12ba330 3381 x11 optional rxvt-unicode_9.20-1.dsc
4a5b823f08d21036f94a6c51e94d025b 916598 x11 optional
rxvt-unicode_9.20.orig.tar.bz2
86c8512e73989008e7350b8eda24f2c9 28432 x11 optional
rxvt-unicode_9.20-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQUcBAEBCgAGBQJTZVGKAAoJEI97+PxKEcl674Un+gNgjGyqNGG/dXYd6uH9JUpQ
XS+knxoH9dfAPapAzFqfo6wIn1Qi1x2dBKJnVFjXHZCumOBMPx68NWqesJgE6lHm
P6N/2uN+L9lieCy8ncqoayJhRftekWRA49/sakZPVtrPvJS7GnZ+ca+Xyk/Qux9Y
Hrkkicn9By56kmJvFxPCAqRKA44HjsPykgTDPXPVOtrYxu5wxAvTwZ9lYxf94Cuo
jNF6bHVjaZi4ZMXYleemQ07WO4nRtC5ygDJHiJYgiJh5zXmvbDbah2tw4N1wKkAU
fEFCN3Nej9jRF8q8bnXN1wJjhng6E3CzCL/JtAoEISuXOamtabE+foPVeFC1y7a4
zRHVs3hmUTUfN9hQh1iDKw2AiqC0euCx3LB/NnwvFLd62VSHtcVLpNcKdTPZkv37
mcgGQNlTd10ITcdHtgEocQoaQEp5UP7CZlPCd0cnQ4hnzt/1Hlk1bxOmEDEatL5T
3bNRoq+xMwMGrgvA7QHsFFIXnnHBjlQpiXpl8LbO/CF0kc5xfP4JwWllI/jUZSwE
wEU8Zp3v1Dhjaa0nfvNh6uO7LFfOt/JMEHj60djPBq8ROHURqVRtlaMef45SnJqX
XiA5oK7lfDGRrRhU+ltM8Mk5d4sBaA4wAep3PRsFEpnxpL3kaNGxp9GDlMLj7saK
Cg7lWK8YqNFxsPuKLURVHuPZxe0TVm/kYsaqOQwEjc3YoSXP94QmDRcLQjqpLfAh
ZkJrYmp8cRQum8oS+/C9sAbH8OCofy9u2QCgh4r4Oi9zXIs+C2mkSmvlGGlTAM86
ojBz3auT0V5tjf3tLV6a5aGZcF5IEYi4+0lLhPzrFwGVpXGqYqUlGwm7zF0Ld+Ue
q//Fz0r0sUq2LgK9pfV3WmxbVfIDljl54wUwOxw7i97I3p4ADWtFJYTRMVFIXzVY
QozZKBnP57OyNPodmUMx1aYEmhvtaN14FD6n/ebGqYCidPrX5RgeqyOzWDTxpscR
MC9XmMfjBUpWBguOuT0aBuAfAuyZFEgL5KFFr1sgvYwyg0mgUVHhh3nlOxm79UYl
j6UKjaWxVWjoITaLGSgYN+PiqRXtGJpH4ZjLVgZpPNfULjwJStIr8eLUJcOb3gPI
uDgZcteB1KQ67Posgb6lBILGQKz6j7dAF6KDXPGjjpJWLJTPVN8gp5Zf3XPsoFQa
FUebVG0VkIy6wqx5BT7yZ85Rlhl8wjA2FzH5dm1id0ftm1cadM5eJb2RXCS5JjgD
8YFu16rym19LhIH09RaQVv30yMclGpqLDr2DBAW1BD9F58z98/GpnY47qj4zsTzJ
u5RE5VifobEduCnnMiddUtR7AHDBrARUV6S/RUaH4Whf/ncztpvWZCAUCNa5TOuV
diebsU+Nz5k5wrxAwRswtgL4lJwyd70zigeT5nRH69wFAgrpVuBlc0CIC+5Ugarv
9BineJ1FML3Q7BeV4dgo3iaHBrG5BuprbQBPret3TA81zwn6+T7cJIVUHw1t/nFe
zq1oQgbTdDVE10Uph2E2SoBzPMyaMFk7VmmkX+GJwPzBLAtxQC3/8yfPNYL49Pc4
DipcnXiLaCdgWvbcn6IoZDLjwV+BqbK7uesgIykahDfagJt6YI9FJk5Y6Zh7DGts
+GyY9NkmrN0MqF5d2UDQOjd1zSsDrGTWt5ZvhZIBLHE4zAnV67nTH/Fpg7Hht+hQ
L2D6XiLWZTix6XeUwLlX
=vaA2
-----END PGP SIGNATURE-----
--- End Message ---