oss-sec mailing list archives
Re: screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations)
From: Matthias Gerstner <mgerstner () suse de>
Date: Fri, 16 May 2025 10:32:35 +0200
Hi, On Thu, May 15, 2025 at 04:09:51PM +0100, Stuart Henderson wrote:
On 2025/05/14 13:26, Matthias Gerstner wrote:Indeed, this is the bugfix release announced by upstream here: https://lists.gnu.org/archive/html/screen-users/2025-05/msg00005.htmlThere are two different versions of the tar.gz; at present, some of the gnu.org mirrors have one, some have another. The earlier one includes .o and other generated files, also there are differences to some source and headers around WINESC_WIN_CARET. It would probably be helpful to make a 5.0.2 release to make it a little more clear.
these inconsistencies confirm the impressions we gained during the coordinated disclosure. We believe that there are no well established (release, development) processes existing in the GNU Screen upstream project anymore. I don't think this list is the right place bring forward these issues, however. You can try on the screen-devel mailing list [1], where some issues with the release tarball already seem to be discussed. [1]: https://lists.gnu.org/archive/html/screen-devel Cheers Matthias
Attachment:
signature.asc
Description:
Current thread:
- screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Matthias Gerstner (May 12)
- Re: screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Dr. Thomas Orgis (May 13)
- Re: screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Mark Esler (May 13)
- Re: screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Matthias Gerstner (May 14)
- Re: screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Stuart Henderson (May 15)
- Re: screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Matthias Gerstner (May 16)
- Re: screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Matthias Gerstner (May 14)
- Re: screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Jan Schaumann (May 16)
- Re: screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Eli Schwartz (May 16)
- Re: screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Taylor R Campbell (May 16)
- Re: screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Eli Schwartz (May 16)
- Re: describing affected systems (was: screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations)) Jacob Bachmeyer (May 16)
- Re: describing affected systems (was: screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations)) Jan Schaumann (May 17)
- Re: describing affected systems (was: screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations)) Taylor R Campbell (May 17)
- Re: describing affected systems Eli Schwartz (May 18)
- Re: screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Eli Schwartz (May 16)