Clone and reassign to vte

Yves-Alexis Perez corsac at debian.org
Sat Jun 16 11:55:43 UTC 2012


clone 673871
reassign -1 libvte9
retitle -1 "malicious escape sequences can cause denial of service for vte-based terminals"
severity -1 important
thanks

Hi vte maintainers,

#673871, which is against the mosh server package, applies to vte too,
and is apparently fixed by 0.32.2, according to
http://ftp.gnome.org/pub/GNOME/sources/vte/0.32/vte-0.32.2.news

CVE-2012-2738 has been allocated. I guess 0.32.2 is not a target for
Wheezy, but it'd be nice to backport the relevant fix to unstable so it
migrates properly.

I'm not sure it warrants a DSA but it might be worth backporting the fix
to stable (in case it's affected) in a stable upload.

Regards,
-- 
Yves-Alexis
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnome-maintainers/attachments/20120616/b5918bb7/attachment.pgp>


More information about the pkg-gnome-maintainers mailing list