package/xterm: security bump to patch 376 (0cc7c63f) · Commits · Infra Solutions / Reference Design / platsw / buildroot

Commit 0cc7c63f authored Nov 19, 2022 by Peter Korsgaard Committed by Yann E. MORIN Nov 20, 2022

package/xterm: security bump to patch 376

Fixes the following security issue:

CVE-2022-45063: xterm before 375 allows code execution via font ops, e.g.,
because an OSC 50 response may have Ctrl-g and therefore lead to command
execution within the vi line-editing mode of Zsh:

https://www.openwall.com/lists/oss-security/2022/11/10/1

Additionally, patch 376 fixes a null pointer access issue:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022942



Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

parent f901a90f

Hide whitespace changes

Inline Side-by-side

Please register or to comment