Bug 234103 - x11/terminology: Update to 1.3.1 (Fixes CVE-2018-20167: Incorrect escaping of crafted files results in code execution)
Summary: x11/terminology: Update to 1.3.1 (Fixes CVE-2018-20167: Incorrect escaping of...
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Many People
Assignee: freebsd-enlightenment (Nobody)
URL: https://www.enlightenment.org/news/20...
Keywords: needs-patch, security
Depends on:
Blocks:
 
Reported: 2018-12-17 18:37 UTC by Conrad Meyer
Modified: 2018-12-21 22:37 UTC (History)
2 users (show)

See Also:
bugzilla: maintainer-feedback? (enlightenment)
koobs: merge-quarterly?


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Conrad Meyer freebsd_committer freebsd_triage 2018-12-17 18:37:51 UTC
(Copied from Redhat bugzilla.)

Terminology before 1.3.1 allows Remote Code Execution because popmedia is
mishandled, as demonstrated by an unsafe "cat README.md" command when \e}pn is
used. A popmedia control sequence can allow the malicious execution of
executable file formats registered in the X desktop share MIME types
(/usr/share/applications). The control sequence defers unknown file types to
the handle_unknown_media() function, which executes xdg-open against the
filename specified in the sequence. The use of xdg-open for all unknown file
types allows executable file formats with a registered shared MIME type to be
executed. An attacker can achieve remote code execution by introducing an
executable file and a plain text file containing the control sequence through a
fake software project (e.g., in Git or a tarball). When the control sequence is
rendered (such as with cat), the executable file will be run.

https://www.enlightenment.org/news/2018-12-16-terminology-1.3.1
https://phab.enlightenment.org/T7504
https://phab.enlightenment.org/rTRM1ac204da9148e7bccb1b5f34b523e2094dfc39e2
Comment 1 Grzegorz Blach freebsd_committer freebsd_triage 2018-12-21 22:36:07 UTC
Updated to 1.3.2. Thanks for report.
Comment 2 commit-hook freebsd_committer freebsd_triage 2018-12-21 22:36:07 UTC
A commit references this bug:

Author: gblach
Date: Fri Dec 21 22:35:12 UTC 2018
New revision: 488028
URL: https://svnweb.freebsd.org/changeset/ports/488028

Log:
  Update to 1.3.2

  Fixes CVE-2018-20167: Incorrect escaping of crafted files results
  in code execution.

  PR:		234103
  Submitted by:	cem

Changes:
  head/x11/terminology/Makefile
  head/x11/terminology/distinfo
  head/x11/terminology/pkg-plist
Comment 3 Conrad Meyer freebsd_committer freebsd_triage 2018-12-21 22:37:51 UTC
Thanks for the quick fix!