security update for xterm needed

Horst H. von Brand vonbrand at inf.utfsm.cl
Tue Jan 6 14:36:17 UTC 2009


Christoph Höger <choeger at cs.tu-berlin.de> wrote:
> I will file a bug becasue of this, but you should be sure to update
> xterm asap, if you use it:
> 
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510030
> 
> I testet on fedora 10 accordign to
> http://www.heise.de/newsticker/Terminal-Emulator-xterm-fuehrt-untergeschobene-Befehle-aus--/meldung/121196
> (sorry, german)
> 
> I tried:
> 
> [choeger at choeger5 ~]$ perl -e 'print "\eP\$q\nwhoami\n\e\\"' > bla.log
> 
> and in xterm:
> 
> [choeger at choeger5 ~]$ cat bla.log 
> ^[P0$r
> 
> whoami
> 
> ^[\[choeger at choeger5 ~]$ 
> [choeger at choeger5 ~]$ whoami
> choeger
> [choeger at choeger5 ~]$ 
> [choeger at choeger5 ~]$ 
> 
> As you can see, its valid.

This is bog-standard VT100 behaviour, AFAIKS.
-- 
Dr. Horst H. von Brand                   User #22616 counter.li.org
Departamento de Informatica                    Fono: +56 32 2654431
Universidad Tecnica Federico Santa Maria             +56 32 2654239
Casilla 110-V, Valparaiso, Chile 2340000       Fax:  +56 32 2797513




More information about the fedora-devel-list mailing list