Security Information / 2016 / Security Information -- DSA-3712-1 terminology

Debian Security Advisory

DSA-3712-1 terminology -- security update

Date Reported:

13 Nov 2016

Affected Packages:

terminology

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2015-8971.

More information:

Nicolas Braud-Santoni discovered that incorrect sanitising of character escape sequences in the Terminology terminal emulator may result in the execution of arbitrary commands.

For the stable distribution (jessie), this problem has been fixed in version 0.7.0-1+deb8u1.

For the unstable distribution (sid), this problem will be fixed soon.

We recommend that you upgrade your terminology packages.