Debian Security Advisory
DSA-3712-1 terminology -- security update
- Date Reported:
- 13 Nov 2016
- Affected Packages:
- terminology
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2015-8971.
- More information:
-
Nicolas Braud-Santoni discovered that incorrect sanitising of character escape sequences in the Terminology terminal emulator may result in the execution of arbitrary commands.
For the stable distribution (jessie), this problem has been fixed in version 0.7.0-1+deb8u1.
For the unstable distribution (sid), this problem will be fixed soon.
We recommend that you upgrade your terminology packages.