Re: Terminal Control Chars

[Ian Zimmerman <itz () very loosely org>]

On 2018-03-05 17:50, up201407890 () alunos dcc fc up pt wrote:

> When pasting characters into several terminal emulators, control
> characters are allowed.  This turns to be a security problem, due to
> the fact that when pasting these characters into terminal text
> editors, such as vi/vim, emacs, nano, etc., remote code execution is
> possible.
>
> This is supposed to be fixed in recent versions of VTE [3], which
> means VTE-based terminal emulators should be safe, but the problem is
> that most distros are shipping older versions and remain vulnerable.
>
> Here's a list of terminal emulators I tested this where it
> worked. Some came by default in my distro (debian), others were
> installed via apt-get. This should also work on other distros:

[...]
> urxvt
[...]

> Please, update VTE and check if the below still works. For the others
> that aren't based on VTE, CVEs should be assigned to each of them. Can
> someone help me figure out which ones are based on VTE and those that
> aren't?

As far as I can see, urxvt (aka rxvt-unicode) does not use vte.

-- 
Please don't Cc: me privately on mailing lists and Usenet,
if you also post the followup to the list or newsgroup.
To reply privately _only_ on Usenet and on broken lists
which rewrite From, fetch the TXT record for no-use.mooo.com.