Your message dated Sat, 05 Sep 2015 22:07:39 +0000
with message-id <[email protected]>
and subject line Bug#797624: fixed in screen 4.0.3-14+deb6u1
has caused the Debian Bug report #797624,
regarding screen: CVE-2015-6806: DoS attack via stack overflow via terminal
control codes
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
797624: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797624
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: screen
Version: 4.0.3-14
Severity: important
Tags: security patch fixed-upstream
Control: forwarded -1 https://savannah.gnu.org/bugs/?45713

GNU Screen upstream fixed the following crash of the SCREEN server
process in git:

http://git.savannah.gnu.org/cgit/screen.git/commit/?id=b7484c224738247b510ed0d268cd577076958f1b

The corresponding upstream bug report is at
https://savannah.gnu.org/bugs/?45713

I can reproduce the issue on Jessie, Wheezy and Squeeze, and since it has
been fixed upstream in the screen-v4 branch, Stretch and Sid are surely
affected, too.

The effect is that the SCREEN server process dies without the screen client
process noticing; the client process freezes and, until it's killed, a
SCREEN server zombie process is left over.

Hence this can be used to cause a denial of service attack by tricking a
user into e.g. displaying a file with "cat" inside screen.
--- End Message ---
--- Begin Message ---
Source: screen
Source-Version: 4.0.3-14+deb6u1
We believe that the bug you reported is fixed in the latest version of
screen, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Scott Kitterman <[email protected]> (supplier of updated screen package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 05 Sep 2015 16:48:47 -0400
Source: screen
Binary: screen
Architecture: source amd64
Version: 4.0.3-14+deb6u1
Distribution: squeeze-lts
Urgency: high
Maintainer: Jan Christoph Nordholz <[email protected]>
Changed-By: Scott Kitterman <[email protected]>
Description:
 screen     - terminal multiplexor with VT100/ANSI terminal emulation
Closes: 797624
Changes:
 screen (4.0.3-14+deb6u1) squeeze-lts; urgency=high
 .
   * Fix stack overflow due to too deep recursion (CVE-2015-6806). (Closes: #797624)
     - Add debian/patches/61denial-of-service-stack-overflow-fix.dpatch to
       apply upstream fix
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--- End Message ---