openSUSE:Evergreen:11.2
File vte-CVE-2010-2713.patch of Package vte
Description: re-fix CVE-2003-0070, window title reporting. Vulnerability was re-introduced by upstream commit: http://git.gnome.org/browse/vte/commit/?id=58bc3a942f198a1a8788553ca72c19d7c1702b74 Author: Kees Cook <kees@ubuntu.com> Index: vte-0.24.1/src/vteseq.c =================================================================== --- vte-0.24.1.orig/src/vteseq.c 2010-07-08 12:32:52.123733715 -0700 +++ vte-0.24.1/src/vteseq.c 2010-07-08 12:36:58.246424871 -0700 @@ -3183,21 +3183,29 @@ vte_terminal_feed_child(terminal, buf, -1); break; case 20: - /* Report the icon title. */ + /* Report a static icon title, since the real + icon title should NEVER be reported, as it + creates a security vulnerability. See + http://marc.info/?l=bugtraq&m=104612710031920&w=2 + and CVE-2003-0070. */ _vte_debug_print(VTE_DEBUG_PARSE, - "Reporting icon title.\n"); + "Reporting fake icon title.\n"); + /* never use terminal->icon_title here! */ g_snprintf (buf, sizeof (buf), - _VTE_CAP_OSC "L%s" _VTE_CAP_ST, - terminal->icon_title); + _VTE_CAP_OSC "LTerminal" _VTE_CAP_ST); vte_terminal_feed_child(terminal, buf, -1); break; case 21: - /* Report the window title. */ + /* Report a static window title, since the real + window title should NEVER be reported, as it + creates a security vulnerability. See + http://marc.info/?l=bugtraq&m=104612710031920&w=2 + and CVE-2003-0070. */ _vte_debug_print(VTE_DEBUG_PARSE, - "Reporting window title.\n"); + "Reporting fake window title.\n"); + /* never use terminal->window_title here! */ g_snprintf (buf, sizeof (buf), - _VTE_CAP_OSC "l%s" _VTE_CAP_ST, - terminal->window_title); + _VTE_CAP_OSC "lTerminal" _VTE_CAP_ST); vte_terminal_feed_child(terminal, buf, -1); break; default:
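Review bot: In cases 20 and 21 the new g_snprintf calls take a constant format with no arguments, so the copy into buf no longer does anything the literal could not do itself. Passing `_VTE_CAP_OSC "LTerminal" _VTE_CAP_ST` (and the `l` variant) directly to vte_terminal_feed_child(terminal, ..., -1) would leave no format string in these branches to which a `%s` with terminal->icon_title or terminal->window_title could later be re-added. The fixed reply "Terminal" is also written out twice; one named constant, with a single comment citing CVE-2003-0070, would keep the two cases in step. Finally, the description names only CVE-2003-0070 while the file is named for CVE-2010-2713, so it would help to mention the newer identifier in the description as well.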