oss-sec mailing list archives
Re: terminal emulators' processing of escape sequences
From: Steve Kemp <steve () steve org uk>
Date: Tue, 02 May 2017 03:50:35 +0000
Yves-Alexis Perez of Debian pointed out that whether these crashes occur or not may be related to the version of vte. I'll leave it up to him to post a follow-up on that.
The mention of vte reminded me of a security issue I reported a while
back in the evilvte emulator - shell execution via improper quotation
handling in hyperlinks:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854585
I didn't ask for a CVE ID because the process seems a bit more
complicated these days, but perhaps topical.
Steve
--
https://steve.fi/
Current thread:
- AW: terminal emulators' processing of escape sequences, (continued)
- AW: terminal emulators' processing of escape sequences Fiedler Roman (May 17)
- Re: terminal emulators' processing of escape sequences Daniel Kahn Gillmor (May 17)
- Re: terminal emulators' processing of escape sequences Robert Święcki (May 17)
- Re: terminal emulators' processing of escape sequences Robert Święcki (May 17)
- Re: terminal emulators' processing of escape sequences Daniel Kahn Gillmor (May 18)
- Re: terminal emulators' processing of escape sequences Tavis Ormandy (May 19)
- Re: terminal emulators' processing of escape sequences Solar Designer (May 17)
- Re: terminal emulators' processing of escape sequences Marc Lehmann (May 17)
- rxvt-unicode "insecure" setting [Was: terminal emulators' processing of escape sequences] Ian Zimmerman (May 17)
- Re: terminal emulators' processing of escape sequences Dominique Martinet (May 17)
- Re: terminal emulators' processing of escape sequences Guido Berhoerster (May 03)
- Re: terminal emulators' processing of escape sequences Ryan Munz (May 08)