Bug#691642: marked as done (xterm: outputting the mc5 sequence (prtr_on / turn on printer) makes xterm crash)

Tue, 27 Nov 2012 13:51:53 -0800 

Your message dated Tue, 27 Nov 2012 21:47:57 +0000
with message-id <[email protected]>
and subject line Bug#691642: fixed in xterm 287-1
has caused the Debian Bug report #691642,
regarding xterm: outputting the mc5 sequence (prtr_on / turn on printer) makes 
xterm crash
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
691642: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=691642
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: xterm
Version: 278-2
Severity: grave
Tags: security
Justification: causes non-serious data loss

When cat'ing some binary file, my xterm crashed. I've managed to find
the cause: the mc5 terminfo sequence (prtr_on / turn on printer). The
problem can be reproduced with:

1. Run xterm from another terminal.
2. Run the following command:
     printf "\033[5i"
   or
     tput mc5
   The message "sh: 1: : Permission denied" appears in the first
   terminal.
3. Type [Enter]. This terminates xterm with the exit code 13.

I have the following X resource:

  *printerCommand: ""

The xterm(1) man page says:

  printerCommand (class PrinterCommand)
    Specifies  a shell command to which xterm will open a pipe when
    the first MC (Media Copy) command is initiated.  The default is
    an  empty  string, i.e., “”.  If the resource value is given as
    an empty string, the printer is disabled.

So, it doesn't behave correctly with the empty string!

In addition to possible data loss due to the crash, this is a security
problem, because the sequence may appear in a remote file.

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 
'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.5-trunk-amd64 (SMP w/2 CPU cores)
Locale: LANG=POSIX, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages xterm depends on:
ii  libc6           2.13-36
ii  libfontconfig1  2.9.0-7
ii  libice6         2:1.0.8-2
ii  libtinfo5       5.9-10
ii  libutempter0    1.1.5-4
ii  libx11-6        2:1.5.0-1
ii  libxaw7         2:1.0.10-2
ii  libxft2         2.3.1-1
ii  libxmu6         2:1.1.1-1
ii  libxt6          1:1.1.3-1
ii  xbitmaps        1.1.1-2

Versions of packages xterm recommends:
ii  x11-utils  7.7~1

Versions of packages xterm suggests:
pn  xfonts-cyrillic  <none>

-- no debconf information

--- End Message ---
--- Begin Message --- 
Source: xterm
Source-Version: 287-1

We believe that the bug you reported is fixed in the latest version of
xterm, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Julien Cristau <[email protected]> (supplier of updated xterm package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 27 Nov 2012 22:27:28 +0100
Source: xterm
Binary: xterm
Architecture: source amd64
Version: 287-1
Distribution: experimental
Urgency: low
Maintainer: Debian X Strike Force <[email protected]>
Changed-By: Julien Cristau <[email protected]>
Description: 
 xterm      - X terminal emulator
Closes: 359006 408666 683942 691642 694375
Changes: 
 xterm (287-1) experimental; urgency=low
 .
   * New upstream release (closes: #694375)
     - add alternateScroll resource and corresponding control sequences which
       modify the scroll-forw and scroll-back actions: when the alternate
       screen is displayed, wheel mouse up/down will send cursor keys (closes:
       #683942)
     - improve rendering for the case when a Unicode character is absent in the
       bold font but present in the normal font by temporarily falling back to
       the normal font (closes: #359006, #408666)
     - check for misconfigured printerCommand resource on the first use, warn
       and disable it if it does not specify an executable command (closes:
       #691642)
   * Drop upstream patches.
   * Refresh remaining patches.
   * Explicitly set --with-desktop-category to avoid desktop-file-install
     failure.
   * Enable backarrowKeyIsErase in configure instead of 900_debian_xterm.diff.
   * Install png/svg icons.
   * Change xterm.man's NAME section to keep whatis(1) happy.
Checksums-Sha1: 
 2e3a950920d5a74b6aaec447454ead50ccda3998 2019 xterm_287-1.dsc
 f1c4bfd11394eaa8158559cea63180fe7cc8d3ed 1103402 xterm_287.orig.tar.gz
 465d898bac50303b06c68dcc9a7453ee74acc9b6 98825 xterm_287-1.diff.gz
 e888c0d5ad201fc4037478fafe07161745c5c560 661918 xterm_287-1_amd64.deb
Checksums-Sha256: 
 f3eb17fceb50a7acb977c36c789812f39319c71b30aa97e7aaf6614cc6cd7d9a 2019 
xterm_287-1.dsc
 b5645b5963d01d15f62fb9071f743b58e4d158581f19f411bf14422519363956 1103402 
xterm_287.orig.tar.gz
 125172942397e818d450c52f5282777cb6c5d8e47b2dcbdd964991001ff2507e 98825 
xterm_287-1.diff.gz
 ce39c08b42cd7b9b61e4ba2037e26fdad8f28039e19ec931f3ed4f03d50070c7 661918 
xterm_287-1_amd64.deb
Files: 
 b341950dad30c453b6c12fc968352c7b 2019 x11 optional xterm_287-1.dsc
 0e4385e66d40b5dd6017d02c3db2a4af 1103402 x11 optional xterm_287.orig.tar.gz
 721f7450a36270648a3bd77f1fce6690 98825 x11 optional xterm_287-1.diff.gz
 0515e28e499ccb1f08d6c928cf32c5f9 661918 x11 optional xterm_287-1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCAAGBQJQtTDSAAoJEDEBgAUJBeQMxtsP/0DCbmOhFELva5OpFJdwQWfW
mqJPHYS83JNNMQXwYS8IPNBcdpWfWGAT6YLdqgWqBcwUNkMx812nOvn/EDJtr6pG
DrsQim0Ysz/9NGSiKGqckuFcmySmOhCuhRjHmg48wk3ER/hTJWijyxUWsaqhsKqQ
lyeUW9Jw+nKpgqtpkGA85WGoPiDZh4O+sPwC1lNmlDiyw4nWAo2LJgmVJb1JugKH
+o/eEYdZinQBc0UiKnyYQmKUlmoJ+C7W+594/GEOVaeQTyAxNhMjmHqBWO1HglDw
WjBtRZk735LLXMFT9LWMXBbvydcnXUGKE9qSEZVWHDbIqBdJNh6lBm6nMJIMLp7S
/P7WheREZlwDqEOCYdkB/6M0FkSPCYZW5GI7/Lu6Gtm3FjMWIbcaOW8nEdBtiZJm
sDzwjzatxSUtL0iaVRPM+trCy4ynFU74nMCQ6XAFWaekY2g1oUaGAVXtofR2I/oi
3IYXpLXl/DmO4zwq+aMCgYzhvHoC2JzZnvrSt+5RYEsGhXEhakbiwI4G4YcRLbXc
YeYWAs07QKj4+IZ3nvIq5YgVqCUAZjpVlBYlkLFd7KsfTpAPi71NS/jB4L6Z7Foj
9jpqs8jtNjM+B7Rvt7ZF6GCP/f1XlFZRpzm1roL0YIdOvx66BVMOCfk1SSyzqsFX
fpj6xMPGzcI/tFfyFHC9
=E32r
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to