Ah, my apologies - hadn't spotted that it was a recently introduced bug! On Tue, 9 Feb 2021, 22:20 Steve Beattie, <1915...@bugs.launchpad.net> wrote:
> Hello Steve, > > Thanks for reporting this issue. In this case, it is believed that the > vulnerability was introduced in screen 4.7.0 (via > > https://git.savannah.gnu.org/cgit/screen.git/commit/?id=c5db181b6e017cfccb8d7842ce140e59294d9f62 > ), and then fixed in 4.8.0. Ubuntu 18.04 and older versions of screen > pre-date the introduction of the vulnerability and thus are not > affected. Ubuntu 20.04 and newer as you point out alredy have 4.8.0 and > thus are also not-affected. > > This information is also represented at > https://ubuntu.com/security/CVE-2020-9366 . > > Also, if there were versions of screen affected, the Ubuntu Security > team would not normally pull back a complete new version to older > releases, as that would likely introduce behavioral changes that could > be considered regressions for users; instead we backport targeted fixes > to minimize the risk of regression. > > -- > You received this bug notification because you are subscribed to the bug > report. > https://bugs.launchpad.net/bugs/1915205 > > Title: > CVE-2020-9366 > > To manage notifications about this bug go to: > > https://bugs.launchpad.net/ubuntu/+source/screen/+bug/1915205/+subscriptions > -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1915205 Title: CVE-2020-9366 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/screen/+bug/1915205/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs