[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [screen-devel] GNU Screen v.4.8.0
From: |
Václav Doležal |
Subject: |
Re: [screen-devel] GNU Screen v.4.8.0 |
Date: |
Thu, 13 Feb 2020 10:57:38 +0100 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.2.2 |
Hello,
Dne 05. 02. 20 v 21:45 Amadeusz Sławiński napsal(a):
> As last fix, fixes potential memory overwrite of quite big size (~768
> bytes), and even though I'm not sure about potential exploitability of
> that issue, I highly recommend everyone to upgrade as soon as possible.
> This issue is present at least since v.4.2.0 (haven't checked earlier).
> Thanks to pippin who brought this to my attention.
if I see correctly, this issue was introduced in v.4.7.0 in commit
c5db181 ansi: add support for xterm OSC 11
https://git.savannah.gnu.org/cgit/screen.git/commit/?h=screen-v4&id=c5db181b6e017cfccb8d7842ce140e59294d9f62
note the deletion of
```
if (--typ2 < 0)
typ2 = 0;
```
At least I can't reproduce this issue on v.4.6.2.
Regards,
Václav Doležal