Bug 12647 - vte: CVE-2012-2738: DoS
: vte: CVE-2012-2738: DoS
Status: NEW
Product: Maemo 5 Community SSU
: testing
: N900 Maemo
: Unspecified minor (vote)
: ---
Assigned To: unassigned
: general
  Show dependency tree
Reported: 2012-08-10 16:02 UTC by Andre Klapper
Modified: 2012-08-10 16:02 UTC (History)
0 users (show)

See Also:



You need to log in before you can comment on or make changes to this bug.

Description Andre Klapper (reporter) maemo.org 2012-08-10 16:02:47 UTC
allows remote authenticated users to cause a denial of service (long loop and
CPU consumption) via an escape sequence with a large repeat count value. 

See https://bugzilla.gnome.org/show_bug.cgi?id=676090 and the related commits

Looking at http://gitorious.org/community-ssu/vte/blobs/master/src/vteseq.c I
see some changes in the code, so applying this won't be totally straight

<andre__> somebody please tell me if I should file a ticket
<freemangordon> BTW openssh is in extras, not CSSU material aiui
<DocScrutinizer05> andre__: denial of service or privilege escalation?
<DocScrutinizer05> DOS is "harmless"
<andre__> you can probably judge it way better than I can
<DocScrutinizer05> file it please
<DocScrutinizer05> we can triage later