Hello Steve, Thanks for reporting this issue. In this case, it is believed that the vulnerability was introduced in screen 4.7.0 (via https://git.savannah.gnu.org/cgit/screen.git/commit/?id=c5db181b6e017cfccb8d7842ce140e59294d9f62 ), and then fixed in 4.8.0. Ubuntu 18.04 and older versions of screen pre-date the introduction of the vulnerability and thus are not affected. Ubuntu 20.04 and newer as you point out alredy have 4.8.0 and thus are also not-affected.
This information is also represented at https://ubuntu.com/security/CVE-2020-9366 . Also, if there were versions of screen affected, the Ubuntu Security team would not normally pull back a complete new version to older releases, as that would likely introduce behavioral changes that could be considered regressions for users; instead we backport targeted fixes to minimize the risk of regression. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1915205 Title: CVE-2020-9366 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/screen/+bug/1915205/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs