Hi Felix,

On Tue, Feb 09, 2021 at 08:04:41AM -0500, Felix Weinmann wrote:
> URL:
>   <https://savannah.gnu.org/bugs/?60030>
>
> Summary: Screen segfaults by displaying some UTF-8 character combination
> Project: GNU Screen
> Submitted by: lixfel
> Submitted on: Tue 09 Feb 2021 01:04:39 PM UTC
> Category: Crash/Freeze/Infloop
[...]
> Privacy: Private
[...]
> So this bug is already exploited, but very likely without knowing
> the origin in screen. I don't know if this bug might enable remote
> code execution, thus marked as private.

Thanks for reporting this issue.

Unfortunately setting it to private didn't really hide that bug report from the public as all bug reports reported against Screen via Savannah — as it seems even those marked as private — are forwarded to a publicly archived mailing list.

So your bug report is already publicly visible at https://lists.gnu.org/archive/html/screen-devel/2021-02/msg00000.html even though it is hidden on Savannah.

(This is something those with admin access to the screen project on Savannah might want to review.)

Additionally it also has been assigned a CVE ID (CVE-2021-26937) and reported in Debian, too: https://bugs.debian.org/982435

Regards, Axel
-- 
 ,''`.  |  Axel Beckert <a...@debian.org>, https://people.debian.org/~abe/
: :' :  |  Debian Developer, ftp.ch.debian.org Admin
`. `'   |  4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5
  `-    |  1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE