Bug 148678 - x11-toolkits/vte: vulnerable to classic terminal title set+query attack (CVE-2010-2713)
Summary: x11-toolkits/vte: vulnerable to classic terminal title set+query attack (CVE-...
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: freebsd-gnome (Nobody)
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2010-07-16 10:30 UTC by Janne Snabb
Modified: 2010-07-19 00:40 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Janne Snabb 2010-07-16 10:30:02 UTC
Hi,

vte-0.24.1 as in ports tree right now, and probably some earlier versions are vulnerable.

See:

http://www.securityfocus.com/archive/1/512388

http://git.gnome.org/browse/vte/commit/?id=8b971a7b2c59902914ecbbc3915c45dd21530a91

Sorry, no patch included, but the above link has the upstream's solution. (I am not building huge X11 and Gnome libraries on my headless servers where I run FreeBSD.)
Comment 1 Edwin Groothuis freebsd_committer 2010-07-16 10:30:17 UTC
Responsible Changed
From-To: freebsd-ports-bugs->gnome

Over to maintainer (via the GNATS Auto Assign Tool)
Comment 2 Janne Snabb 2010-07-16 10:48:37 UTC
Fixed in:

http://ftp.gnome.org/pub/gnome/sources/vte/0.24/vte-0.24.3.tar.bz2

--
Janne Snabb / EPIPE Communications
snabb@epipe.com - http://epipe.com/
Comment 3 dfilter service freebsd_committer 2010-07-19 00:28:44 UTC
kwm         2010-07-18 23:28:32 UTC

  FreeBSD ports repository

  Modified files:
    security/vuxml       vuln.xml 
  Log:
  Document vte title set+query attack vulnerability.
  
  While here add the CVE numbers to the webkit-gtk2 entry I forgot in the
  previous commit.
  
  PR:             ports/148678
  Submitted by:   Janne Snabb <snabb@epipe.com>
  
  Revision  Changes    Path
  1.2185    +54 -1     ports/security/vuxml/vuln.xml
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
Comment 4 dfilter service freebsd_committer 2010-07-19 00:31:25 UTC
kwm         2010-07-18 23:31:14 UTC

  FreeBSD ports repository

  Modified files:
    x11-toolkits/vte     Makefile distinfo 
  Log:
  Update to 0.24.3.
  
  This version fixes the title set+query attack vulnability.
  
  PR:             ports/148678
  Submitted by:   Janne Snabb <snabb@epipe.com>
  Security:       9a8fecef-92c0-11df-b140-0015f2db7bde
  
  Revision  Changes    Path
  1.97      +2 -2      ports/x11-toolkits/vte/Makefile
  1.58      +3 -3      ports/x11-toolkits/vte/distinfo
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
Comment 5 Koop Mast freebsd_committer 2010-07-19 00:31:33 UTC
State Changed
From-To: open->closed

Committed thanks!