Bug 28080 - screen security issue CVE-2020-9366
Summary: screen security issue CVE-2020-9366
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: Cauldron
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: All Packagers
QA Contact: Sec team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-01-13 11:45 CET by Zombie Ryushu
Modified: 2021-01-13 17:45 CET

See Also:
Source RPM: screen-4.6.2-2.mga7.src.rpm
CVE: CVE-2020-9366
Status comment:



Description Zombie Ryushu 2021-01-13 11:45:50 CET
A buffer overflow was found in the way GNU Screen before 4.8.0 treated the special escape OSC 49. Specially crafted output, or a special program, could corrupt memory and crash Screen or possibly have unspecified other impact.
Zombie Ryushu 2021-01-13 11:46:11 CET

URL: (none) => https://bugs.mageia.org/show_bug.cgi?id=28080
CVE: (none) => CVE-2020-9366

Comment 1 Aurelien Oudelet 2021-01-13 15:07:05 CET
Hi, thanks for reporting this bug.
As there is no maintainer for this package I added the committers in CC.

(Please set the status to 'assigned' if you are working on it)

CC: (none) => geiger.david68210, mageia, ouaurelien
Assignee: bugsquad => pkg-bugs
URL: https://bugs.mageia.org/show_bug.cgi?id=28080 => (none)

Comment 2 David GEIGER 2021-01-13 17:26:34 CET
Done for mga7!
Comment 3 David Walser 2021-01-13 17:45:52 CET
Vulnerability introduced in 4.7.0:
https://bugzilla.redhat.com/show_bug.cgi?id=1801405
https://security-tracker.debian.org/tracker/CVE-2020-9366
https://ubuntu.com/security/CVE-2020-9366

Version: 7 => Cauldron
Status: NEW => RESOLVED
Resolution: (none) => FIXED

