Re: Eterm & others allow arbitrary commands execution via escape sequencies [Was: CAN-2003-0020?]

To: debian-security@lists.debian.org
Subject: Re: Eterm & others allow arbitrary commands execution via escape sequencies [Was: CAN-2003-0020?]
From: Matt Zimmerman <mdz@debian.org>
Date: Mon, 19 Apr 2004 11:18:41 -0700
Message-id: <[🔎] 20040419181841.GU31523@alcor.net>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] 20040419175127.GA3843@kontryhel.haltyr.dyndns.org>
References: <[🔎] 200404172216.11138.jluehr@gmx.net> <[🔎] 20040418165633.GW12830@alcor.net> <[🔎] 200404182047.16630.jluehr@gmx.net> <[🔎] 20040418185821.GB12830@alcor.net> <[🔎] 20040419160851.GA27171@kontryhel.haltyr.dyndns.org> <[🔎] 20040419163247.GM31523@alcor.net> <[🔎] 20040419175127.GA3843@kontryhel.haltyr.dyndns.org>

On Mon, Apr 19, 2004 at 07:51:27PM +0200, Jan Minar wrote:

> Come on, Matt:  Virtually all terminal emulators are vulnerable, and the
> vulnerability is a common knowledge.  The abovementioned paper was on
> Bugtraq 2003-02-24 21:02:52...  Is the Security Team going to do
> something about it themselves (filing RC bugs at least)?

You are part of a community, not somebody purchasing a service.  Take some
initiative and contribute.

The security team does not have the resources to audit Debian, and can
barely keep up with new issues as they become known.  Pointing and whining
doesn't help.

-- 
 - mdz

Reply to:

Follow-Ups:
- Re: Eterm & others allow arbitrary commands execution via escape sequencies [Was: CAN-2003-0020?]
  - From: Jan Minar <jjminar@fastmail.fm>

References:
- CAN-2003-0020?
  - From: Jan Lühr <jluehr@gmx.net>
- Re: CAN-2003-0020?
  - From: Matt Zimmerman <mdz@debian.org>
- Re: CAN-2003-0020?
  - From: Jan Lühr <jluehr@gmx.net>
- Re: CAN-2003-0020?
  - From: Matt Zimmerman <mdz@debian.org>
- Eterm & others allow arbitrary commands execution via escape sequencies [Was: CAN-2003-0020?]
  - From: Jan Minar <jjminar@fastmail.fm>
- Re: Eterm & others allow arbitrary commands execution via escape sequencies [Was: CAN-2003-0020?]
  - From: Matt Zimmerman <mdz@debian.org>
- Re: Eterm & others allow arbitrary commands execution via escape sequencies [Was: CAN-2003-0020?]
  - From: Jan Minar <jjminar@fastmail.fm>

Prev by Date: Re: Eterm & others allow arbitrary commands execution via escape sequencies [Was: CAN-2003-0020?]
Next by Date: Re: Eterm & others allow arbitrary commands execution via escape sequencies [Was: CAN-2003-0020?]
Previous by thread: Re: Eterm & others allow arbitrary commands execution via escape sequencies [Was: CAN-2003-0020?]
Next by thread: Re: Eterm & others allow arbitrary commands execution via escape sequencies [Was: CAN-2003-0020?]
Index(es):
- Date
- Thread