CVE-2021-26937 has been assigned for a security issue discussed in this thread: https://www.openwall.com/lists/oss-security/2021/02/09/8 Mageia 7 and Mageia 8 are also affected.
See Also: (none) => https://bugs.mageia.org/show_bug.cgi?id=28391
Whiteboard: (none) => MGA8TOO, MGA7TOO
Assigning this to you, DavidG, as you did the last two new versions. Bounce it back if necessary.
Assignee: bugsquad => geiger.david68210
Debian has issued an advisory for this on February 21: https://www.debian.org/security/2021/dsa-4861
Status comment: (none) => Patch available from Debian
Ubuntu has issued an advisory for this on February 24: https://ubuntu.com/security/notices/USN-4747-1
Severity: normal => major
Done for cauldron, mga8 and mga7!
RPMS/SRPMS: screen-4.6.2-2.2.mga7 screen-4.8.0-2.1.mga8
Whiteboard: MGA8TOO, MGA7TOO => MGA7TOOVersion: Cauldron => 8Status comment: Patch available from Debian => (none)CC: (none) => geiger.david68210Assignee: geiger.david68210 => qa-bugs
Advisory: ======================== Updated screen package fixes security vulnerability: Felix Weinmann reported a flaw in the handling of combining characters in screen, which can result in denial of service, or potentially the execution of arbitrary code via a specially crafted UTF-8 character sequence (CVE-2021-26937). References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26937 https://www.debian.org/security/2021/dsa-4861
MGA7 and MGA 8 (x86_64) Reading PoC on https://lists.gnu.org/archive/html/screen-devel/2021-02/msg00000.html Copy/Paste characters sequence in Kate, deleting escape sequence to make it on 1 line. screen-4.8.1-2.mga8: Crashes. screen-4.6.2-2.1.mga7: Crashes. Applying updates. Rerun above tests. No crash: screen says "Too long name file". MGA7-64-OK MGA8-64-OK Validating. Advisory pushed to SVN.
Keywords: (none) => advisory, validated_updateCVE: (none) => CVE-2021-26937Whiteboard: MGA7TOO => MGA7TOO MGA7-64-OK MGA8-64-OKCC: (none) => ouaurelien, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0109.html
Status: NEW => RESOLVEDResolution: (none) => FIXED