Bug#984615: xterm: bug in CVE-2021-27135 patch in at least stretch

2021-03-21 Thread Utkarsh Gupta
Awesome, thank you for the confirmation. I've rolled out the announcement and published the website update. Thanks, everyone! \o/ - u

Bug#984615: xterm: bug in CVE-2021-27135 patch in at least stretch

2021-03-20 Thread Thorsten Glaser
Utkarsh Gupta dixit: >Thanks to Thomas for his help, I've uploaded a fix for this regression >(by reverting the backport of that part of the patch which was not >necessary It’s got some memory impact, but probably negligible here, true. > for this CVE fix). And thanks to Thorsten for his

Bug#984615: xterm: bug in CVE-2021-27135 patch in at least stretch

2021-03-06 Thread Thomas Dickey
On Sat, Mar 06, 2021 at 06:46:25PM +0100, Sven Joachim wrote: ... > Run xterm under valgrind and select some text. Valgrind will be very > unhappy with xterm 327-2+deb9u1 but should not show up any errors in valgrind usually has something to say, but (noting that I'm only interested in what it

Bug#984615: xterm: bug in CVE-2021-27135 patch in at least stretch

2021-03-06 Thread Thomas Dickey
On Sat, Mar 06, 2021 at 06:07:43PM +, Thorsten Glaser wrote: > Sven Joachim dixit: > > >I see that this might be a problem (albeit unlikely to happen in > >practice), however I have trouble understanding exactly where a > >use-after-realloc bug comes into play. Maybe Thorsten can help me fix

Bug#984615: xterm: bug in CVE-2021-27135 patch in at least stretch

2021-03-06 Thread Thorsten Glaser
Sven Joachim dixit: >I see that this might be a problem (albeit unlikely to happen in >practice), however I have trouble understanding exactly where a >use-after-realloc bug comes into play. Maybe Thorsten can help me fix >my blindness? The next time something is selected, the code a little

Bug#984615: xterm: bug in CVE-2021-27135 patch in at least stretch

2021-03-06 Thread Sven Joachim
On 2021-03-06 02:49 +0530, Utkarsh Gupta wrote: > Hi Thorsten > > On Sat, Mar 6, 2021 at 2:25 AM Thorsten Glaser wrote: >> debian/patches/CVE-2021-27135.patch changes button.c line (after >> patching) 3747 to: >> >>line = realloc(line, screen->selection_size); >> >> But “line” is a local

Bug#984615: xterm: bug in CVE-2021-27135 patch in at least stretch

2021-03-05 Thread Utkarsh Gupta
Hi Thorsten On Sat, Mar 6, 2021 at 2:25 AM Thorsten Glaser wrote: > debian/patches/CVE-2021-27135.patch changes button.c line (after > patching) 3747 to: > >line = realloc(line, screen->selection_size); > > But “line” is a local variable, the address of the buffer must > be stored in the

Bug#984615: xterm: bug in CVE-2021-27135 patch in at least stretch

2021-03-05 Thread Thorsten Glaser
Source: xterm Version: 327-2+deb9u1 Severity: serious Justification: introduces use-after-realloc debian/patches/CVE-2021-27135.patch changes button.c line (after patching) 3747 to: line = realloc(line, screen->selection_size); But “line” is a local variable, the address of the buffer