Bug 28080

Summary: screen security issue CVE-2020-9366
Product: Mageia Reporter: Zombie Ryushu <zombie_ryushu>
Component: Security Assignee: All Packagers <pkg-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: geiger.david68210, mageia, ouaurelien
Version: Cauldron   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: screen-4.6.2-2.mga7.src.rpm CVE: CVE-2020-9366
Status comment:

Description Zombie Ryushu 2021-01-13 11:45:50 CET
A buffer overflow was found in the way GNU Screen before 4.8.0 treated the special escape OSC 49. Specially crafted output, or a special program, could corrupt memory and crash Screen or possibly have unspecified other impact.

Zombie Ryushu 2021-01-13 11:46:11 CET

URL: (none) => https://bugs.mageia.org/show_bug.cgi?id=28080
CVE: (none) => CVE-2020-9366

Comment 1 Aurelien Oudelet 2021-01-13 15:07:05 CET
Hi, thanks for reporting this bug.
As there is no maintainer for this package, I added the committers in CC.

(Please set the status to 'assigned' if you are working on it)

CC: (none) => geiger.david68210, mageia, ouaurelien
Assignee: bugsquad => pkg-bugs
URL: https://bugs.mageia.org/show_bug.cgi?id=28080 => (none)

Comment 2 David GEIGER 2021-01-13 17:26:34 CET
Done for mga7!

Comment 3 David Walser 2021-01-13 17:45:52 CET
Vulnerability introduced in 4.7.0:
https://bugzilla.redhat.com/show_bug.cgi?id=1801405
https://security-tracker.debian.org/tracker/CVE-2020-9366
https://ubuntu.com/security/CVE-2020-9366

Version: 7 => Cauldron
Status: NEW => RESOLVED
Resolution: (none) => FIXED