|
[BUG] vte
1 Attachment(s)
vte, as packaged by Slackware through -current, has a bug which allows for a local DoS. Any program built against libvte (such as mosh or Xfce's Terminal) is vulnerable. Upstream corrected this starting with vte 0.32+ so I backported the fix for Slackware and provided Pat a copy.
To test, open Xfce's Terminal (/usr/bin/Terminal) and type: Code:
echo -en "\e[9999999999P"An official Slackware patch is probably forthcoming. However, for the impatient among us, here's my fix. Just apply it to vte and rebuild. -mancha |
It wasn't clear in my last post that this patch applies against vte 0.28.x (as in -current). If demand exists, I guess I could work on patches back to 13.37 or maybe 13.1.
-mancha |
| All times are GMT -5. The time now is 10:32 AM. |