Re: [screen-devel] [bug #60030] Screen segfaults by displaying some UTF-8 character combination

Hi Tavis, thanks for having a look into this! Tavis Ormandy wrote: > On 2021-02-10, Axel Beckert wrote: > > + else if (i < sizeof combchars / sizeof *combchars) { > > This doesn't seem right, I think it should be compared against the > calloc param at the top of utf8_handl

Re: Bug#982435: screen: CVE-2021-26937

ash an unpatched screen. Actually when Tavis mentioned Thomas, I just wanted to test where I have most contact with Thomas: Lynx. But I found no similar issues in Lynx. :-) Regards, Axel -- ,''`. | Axel Beckert , https://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debi

Re: Bug#982435: screen: CVE-2021-26937

2021-02/msg0.html in my mail reader (mutt) which runs inside screen, did _not_ crash my screen session. So it seems as if mutt has unarmed it in some way. Regards, Axel -- ,''`. | Axel Beckert , https://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org A

Re: xymon vulnerabilities in jessie, stretch and buster

first to verify that the Xymon upstream version in Jessie (IIRC 4.3.17) is actually vulnerable. Upstream didn't specify if any version before 4.3.28 is affected, too. Regards, Axel -- ,''`. | Axel Beckert , https://people.debian.org/~abe/ : :' : | Debian Dev

Re: [Pkg-zsh-devel] Wheezy update of zsh?

Once it accepted to the > > archive I will release DLA. > > I'll upload zsh 4.3.17-1+deb7u1 now and — to save delays — announce the > DLA too. :) Thanks Abhijith and Chris! Regards, Axel -- ,''`. | Axel Beckert <a...@debian.org>, https://people.debian.org/~abe/

Re: [Pkg-zsh-devel] Wheezy update of zsh?

ling list for that: All Uploaders are subscribed AFAIK and some more people who might be able to help (Daniel Shahaf comes to my mind :-) are subscribed, too. Regards, Axel -- ,''`. | Axel Beckert <a...@debian.org>, https://people.debian.org/~abe/ : :' : | Debian Develope

Re: [pkg-lynx-maint] [Lynx-dev] CVE-2016-9179 (invalid URL parsing with '?')

Hi Thomas, Thomas Dickey wrote: > On Wed, Nov 16, 2016 at 12:30:59AM +0100, Axel Beckert wrote: > > Thomas Dickey wrote: > > > > > Alert!: User/password may appear to be a hostname: 'google.com?' > > > > > (e.g, 'google.com') > > > > >

Re: [pkg-lynx-maint] [Lynx-dev] CVE-2016-9179 (invalid URL parsing with '?')

"User/password may appear to be a hostname" alert is now still needed for that case. Regards, Axel -- ,''`. | Axel Beckert <a...@debian.org>, http://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 4096R: 2517 B724 C5F6 CA99

Re: [Aptitude-devel] updates in aptitude appearing in Upgradable packages rather than Security Updates

apply them all automatically or none. Regards, Axel -- ,''`. | Axel Beckert a...@debian.org, http://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE `-| 4096R: 2517 B724 C5F6