GNU bug report logs - #78430
[PATCH 0/2] Fix vulnerabilities in GNU Screen

Package: guix-patches

Reported by: Liliana Marie Prikler <liliana.prikler <at> gmail.com>

Date: Wed, 14 May 2025 19:20:02 UTC

Severity: normal

Tags: patch


Message #20 received at 78430 <at> debbugs.gnu.org (full text, mbox):

From: Ian Eure <ian <at> retrospec.tv>
To: Liliana Marie Prikler <liliana.prikler <at> gmail.com>
Cc: 78430 <at> debbugs.gnu.org
Subject: Re: [bug#78430] [PATCH 2/2] gnu: screen: Fix multiple CVEs.
Date: Sat, 17 May 2025 10:28:03 -0700

Hi Liliana,

Liliana Marie Prikler <liliana.prikler <at> gmail.com> writes:

> On Saturday, 17.05.2025 at 08:26 -0700, Ian Eure wrote:
>> Hi Liliana,
>> 
>> Both patches look good to me, feel free to push.  I do note that
>> Screen 5.0.1 is out and has all these fixes[1], so you might
>> consider updating to that rather than backporting the fixes.
>> 
> Yeah, 5.0.1 is already in Guix.  I do think we should still apply the
> configure flag though.  WDYT?

It looks like the default changed back to 0620 in 5.0.1[1], but 
explicitly specifying it as a safeguard seems like a cheap way to 
prevent the same issue recurring, so I’m for it.

 -- Ian

[1]: "CVE-2025-46803: apply safe PTY default mode of 0620" from 
https://savannah.gnu.org/news/?id=10771




This bug report was last modified 28 days ago.
