Bug#1081907: vte: CVE-2024-37535

Moritz Mühlenhoff jmm at inutil.org
Sun Sep 15 22:18:53 BST 2024


Source: vte
X-Debbugs-CC: team at security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for vte. This is already addressed
in vte2.91, but also filing this for completeness for the deprecated source
package:

CVE-2024-37535[0]:
| GNOME VTE before 0.76.3 allows an attacker to cause a denial of
| service (memory consumption) via a window resize escape sequence, a
| related issue to CVE-2000-0476.

https://gitlab.gnome.org/GNOME/vte/-/issues/2786
https://www.openwall.com/lists/oss-security/2024/06/09/1
https://gitlab.gnome.org/GNOME/vte/-/commit/fd5511f24b7269195a7083f409244e9787c705dc (master)
https://gitlab.gnome.org/GNOME/vte/-/commit/1803ba866053a3d7840892b9d31fe2944a183eda (master)
https://gitlab.gnome.org/GNOME/vte/-/commit/036bc3ddcbb56f05c6ca76712a53b89dee1369e2 (0.76.3)
https://gitlab.gnome.org/GNOME/vte/-/commit/c313849c2e5133802e21b13fa0b141b360171d39 (0.76.3)


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-37535
    https://www.cve.org/CVERecord?id=CVE-2024-37535

Please adjust the affected versions in the BTS as needed.


