[Buildroot] [PATCH] package/xterm: security bump to patch 376
Peter Korsgaard
peter at korsgaard.com
Wed Nov 23 09:47:34 UTC 2022
>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:
> Fixes the following security issue:
> CVE-2022-45063: xterm before 375 allows code execution via font ops, e.g.,
> because an OSC 50 response may have Ctrl-g and therefore lead to command
> execution within the vi line-editing mode of Zsh:
> https://www.openwall.com/lists/oss-security/2022/11/10/1
> Additionally, patch 376 fixes a null pointer access issue:
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022942
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
Committed to 2022.08.x and 2022.02.x, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list