A CVE has been assigned for a security issue fixed upstream in 9.25 and 9.26: https://www.openwall.com/lists/oss-security/2022/12/05/1 Mageia 8 is also affected.
Whiteboard: (none) => MGA8TOOAssignee: bugsquad => nicolas.salgueroSource RPM: (none) => rxvt-unicode-9.26-1.mga8.src.rpmCC: (none) => nicolas.salgueroCVE: (none) => CVE-2022-4170
Suggested advisory: ======================== The updated package fixes a security vulnerability: rxvt-unicode 9.25 and 9.26 are vulnerable to remote code execution, in the Perl background extension, when an attacker can control the data written to the user's terminal and certain options are set. (CVE-2022-4170) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4170 https://www.openwall.com/lists/oss-security/2022/12/05/1 ======================== Updated package in core/updates_testing: ======================== rxvt-unicode-9.26-1.1.mga8 from SRPM: rxvt-unicode-9.26-1.1.mga8.src.rpm
Status: NEW => ASSIGNEDAssignee: nicolas.salguero => qa-bugsWhiteboard: MGA8TOO => (none)Version: Cauldron => 8
MGA8-64 MATE on Acer Aspire 5253 No installation issues. Exercised urxvt with commands pwd, various cd, cp, mkdir, rm, mv, rmdir, touch, vi , all worked OK.
Whiteboard: (none) => MGA8-64-OKCC: (none) => herman.viaene
Validating. Advisory in comment 1.
CC: (none) => andrewsfarm, sysadmin-bugsKeywords: (none) => validated_update
Keywords: (none) => advisoryCC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0459.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED