oss-sec mailing list archives

Re: describing affected systems (was: screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations))

From: Jan Schaumann <jschauma () netmeister org>
Date: Sat, 17 May 2025 09:10:51 -0400

Jacob Bachmeyer <jcb62281 () gmail com> wrote:

Would "systems using pkgsrc-2025Q1, notably including NetBSD 9.x and NetBSD
10.1" have been a fair way of describing that set?


I think that's a lot better, although I would probably
have phrased it as:

Systems using screen(1) built from pkgsrc, including
binary packages installed on NetBSD using e.g.,
pkg_add(1) or pkgin(1) before screen-5.0.0nb3 are
affected.


The details can get confusing, because you can use
pkgsrc from sources from -current or a quarterly
tagged branch across a range of operating systems, but
can also install binary packages using at least two
different tools, so ultimately neither the date nor
the OS themselves matter as much as the package
version number.  (The "nb3" here signals that this is
the 3rd pkgsrc specific version bump of the 5.0.0
upstream version.)

But no need to further argue over the precise
language. :-)

-Jan

Current thread:

Re: screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations), (continued)
- - Re: screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Matthias Gerstner (May 14)
- Re: screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Mark Esler (May 13)
  - Re: screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Matthias Gerstner (May 14)
    - Re: screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Stuart Henderson (May 15)
    - Re: screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Matthias Gerstner (May 16)
- Re: screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Jan Schaumann (May 16)
  - Re: screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Eli Schwartz (May 16)
    - Re: screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Taylor R Campbell (May 16)
    - Re: screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Eli Schwartz (May 16)
    - Re: describing affected systems (was: screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations)) Jacob Bachmeyer (May 16)
    - Re: describing affected systems (was: screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations)) Jan Schaumann (May 17)
    - Re: describing affected systems (was: screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations)) Taylor R Campbell (May 17)
    - Re: describing affected systems Eli Schwartz (May 18)