git.ipfire.org Git - thirdparty/openembedded/openembedded-core-contrib.git/commit
screen: update 5.0.0 -> 5.0.1
author Divya Chellam <divya.chellam@windriver.com>
Fri, 30 May 2025 11:52:09 +0000 (17:22 +0530)
committer Richard Purdie <richard.purdie@linuxfoundation.org>
Thu, 10 Jul 2025 09:46:57 +0000 (10:46 +0100)
commit 9e608022b287bfdb4f547f5e2d418536758bc82f
tree 5b9b91ba89f8fe51c5c30e4c327b25a1351722e2
parent 7254a27cdf16a51b5247585d417f2e6afaf84b76
screen: update 5.0.0 -> 5.0.1

This includes CVE fixes for CVE-2025-46805, CVE-2025-46804,
CVE-2025-46803, CVE-2025-46802 and CVE-2025-23395.

Changelog:
=========
https://cgit.git.savannah.gnu.org/cgit/screen.git/tree/src/ChangeLog?h=v.5.0.1

* Fixes:
- CVE-2025-46805: do NOT send signals with root privileges
- CVE-2025-46804: avoid file existence test information leaks
- CVE-2025-46803: apply safe PTY default mode of 0620
- CVE-2025-46802: prevent temporary 0666 mode on PTYs in attacher
- CVE-2025-23395: reintroduce lf_secreopen() for logfile
- buffer overflow due to bad strncpy()
- uninitialized variables warnings
- typos
- combining char handling that could lead to a segfault

Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/recipes-extended/screen/screen_5.0.1.bb [moved from meta/recipes-extended/screen/screen_5.0.0.bb with 95% similarity]