oss-sec mailing list archives

Re: systemd-journald in systemd 259 does not escape characters in emerg messages that are wall'd to other user's terminals


From: Aaron Rainbolt <arraybolt3 () gmail com>
Date: Thu, 9 Apr 2026 21:31:26 -0400

On Thu, 9 Apr 2026 08:11:03 +0200
Salvatore Bonaccorso <carnil () debian org> wrote:

> Hi Aaron,
>
> On Tue, Apr 07, 2026 at 08:09:06PM -0400, Aaron Rainbolt wrote:
> > [...]
> > I discovered this while doing work for the Kicksecure and Whonix
> > projects. This bug was reported privately to upstream on December
> > 23, 2025. As per Kicksecure's Vulnerability Disclosure Policy [1],
> > we're disclosing it publicly on April 7, 2026, 90 days + a 14-day
> > grace period later. An upstream bug report can be seen at [2].
>
> JFYI, the reference to the issue: It currently says: "This issue has
> been deleted.". Is the issue reference correct, was it really deleted
> or is there a typo?

The issue reference is correct. systemd upstream didn't agree with
Kicksecure's vulnerability disclosure policy, and elected to delete the
bug report for being "irresponsible". I disagree with them, but in any
event, the email contains all of the useful info that was in the
upstream bug report.

--
Aaron
