Author: branden Date: 2003-06-26 13:01:11 -0500 (Thu, 26 Jun 2003) New Revision: 248
Added: trunk/debian/patches/093_SECURITY_xterm_window_title_reporting_fix.diff trunk/debian/patches/094_SECURITY_xterm_DEC_UDK_sequence_DoS_fix.diff Modified: trunk/debian/changelog Log: add two security patches to xterm debian/patches/093_SECURITY_xterm_window_title_reporting_fix.diff: SECURITY: disable window title reporting to work around potentially malicious text being spewed to terminal window <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0063> debian/patches/094_SECURITY_xterm_DEC_UDK_sequence_DoS_fix.diff: SECURITY: fix for xterm DoS attack; malformed DEC UDK escape sequences can lock the terminal window <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0071> Modified: trunk/debian/changelog ============================================================================== --- trunk/debian/changelog 2003-06-26 15:17:12 UTC (rev 247) +++ trunk/debian/changelog 2003-06-26 18:01:11 UTC (rev 248) @@ -1,5 +1,7 @@ -xfree86 (4.2.1-9) unstable; urgency=low +xfree86 (4.2.1-9) unstable; urgency=high + * urgency due to xterm security fixes; see below + * patch #001b: remove special-case logic in linux.cf that defined "HasLinuxInput" to "NO" for Mc68020Architecture; m68k is now supported by the Linux 2.4.20 kernel (at least in Debian), so we let this symbol be 
@@ -7,6 +9,14 @@ affects the Wacom input driver and should not cause any regressions. (thanks to James Troup for pointing out this no-longer-needed conditional) + * patch #093: new; SECURITY: disable window title reporting to work around + potentially malicious text being spewed to terminal window + <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0063> + + * patch #094: new; SECURITY: fix for xterm DoS attack; malformed DEC UDK + escape sequences can lock the terminal window + <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0071> + * debian/control: move xlibs-pic from section devel to section libdevel (syncrhonize with Debian archive override file) * debian/rules: replace presently-useless $(DEBUGFLAGS) variable in Added: trunk/debian/patches/093_SECURITY_xterm_window_title_reporting_fix.diff ============================================================================== --- trunk/debian/patches/093_SECURITY_xterm_window_title_reporting_fix.diff 2003-06-26 15:17:12 UTC (rev 247) +++ trunk/debian/patches/093_SECURITY_xterm_window_title_reporting_fix.diff 2003-06-26 18:01:11 UTC (rev 248) 
@@ -0,0 +1,21 @@ +An equivalent patch is upstream in XTerm #177 (at the latest). + +--- xc/programs/xterm/charproc.c.xterm-can-2003-0063 2002-01-07 16:02:44.000000000 -0500 ++++ xc/programs/xterm/charproc.c 2003-04-03 11:43:14.000000000 -0500 +@@ -3752,11 +3752,16 @@ + break; + + case 21: /* Report the window's title */ ++/* This code block is disabled to fix a security issue reported ++ * in CAN-2003-0063 ++ */ ++#if 0 + report_win_label(screen, 'l', &text, + XGetWMName( + screen->display, + VShellWindow, + &text)); ++#endif + break; + + default: /* DECSLPP (24, 25, 36, 48, 72, 144) */ Added: trunk/debian/patches/094_SECURITY_xterm_DEC_UDK_sequence_DoS_fix.diff ============================================================================== --- trunk/debian/patches/094_SECURITY_xterm_DEC_UDK_sequence_DoS_fix.diff 2003-06-26 15:17:12 UTC (rev 247) +++ trunk/debian/patches/094_SECURITY_xterm_DEC_UDK_sequence_DoS_fix.diff 2003-06-26 18:01:11 UTC (rev 248) @@ -0,0 +1,21 @@ +This patch is upstream in XTerm #173 (at the latest). + +--- xc/programs/xterm/misc.c.xterm-DECUDK-security-fix 2001-10-23 21:21:24.000000000 -0400 ++++ xc/programs/xterm/misc.c 2003-04-03 11:00:48.000000000 -0500 +@@ -1649,6 +1649,7 @@ + reset_decudk(); + + while (*cp) { ++ char *base = cp; + char *str = (char *)malloc(strlen(cp) + 2); + unsigned key = 0; + int len = 0; +@@ -1675,6 +1676,8 @@ + } + if (*cp == ';') + cp++; ++ if (cp == base) /* badly-formed sequence - bail out */ ++ break; + } + } + break; -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
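Review bot: In the charproc.c hunk of patch 093, `case 21` now reaches `break` with the entire `report_win_label(...)` call inside `#if 0`, so a client that sends the title-report request gets no reply at all, and reporting cannot be re-enabled without rebuilding. Consider replying with an empty label so that callers waiting for a response do not stall, or gating the call on a setting that defaults to off. The added comment only cites CAN-2003-0063; a one-line statement of the risk (the changelog entry describes it as potentially malicious text being spewed to the terminal window) would help whoever later finds the dead block.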
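Review bot: In the second misc.c hunk of patch 094, the new `if (cp == base) break;` exits the `while (*cp)` loop at the bottom of an iteration whose `str` was allocated at the top with `malloc(strlen(cp) + 2)`. The lines between the two hunks are not shown, so please confirm that `str` is freed or handed off before this point on the zero-progress path; otherwise each malformed sequence leaks one buffer. The guard is sufficient for termination as long as the loop body only ever advances `cp`, as the visible `cp++` does. It would also help to extend the `/* badly-formed sequence - bail out */` comment to say that the rest of the string is discarded, so that any keys defined earlier in the same sequence are kept while later ones are dropped.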

