Commit Graph

4 Commits

Author SHA1 Message Date
Divya Chellam
8422c6f52f screen: fix CVE-2025-46804
A minor information leak when running Screen with setuid-root
privileges allosw unprivileged users to deduce information
about a path that would otherwise not be available.

Affected are older Screen versions, as well as version 5.0.0.

Reference:
https://security-tracker.debian.org/tracker/CVE-2025-46804

Upstream-patch:
https://cgit.git.savannah.gnu.org/cgit/screen.git/commit/?id=e0eef5aac453fa98a2664416a56c50ad1d00cb30

(From OE-Core rev: a313af8ca347797214669406ee86f5239997f7e3)

Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-06-11 08:17:34 -07:00
Divya Chellam
fa0fef4a3d screen: fix CVE-2025-46802
For a short time they PTY is set to mode 666, allowing any user on the
system to connect to the screen session.

Reference:
https://security-tracker.debian.org/tracker/CVE-2025-46802

Upstream-patch:
https://cgit.git.savannah.gnu.org/cgit/screen.git/commit/?id=049b26b22e197ba3be9c46e5c193032e01a4724a

(From OE-Core rev: b17e091eb4681b69c5a050d3fa0f9289f524e205)

Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-06-11 08:17:34 -07:00
Ashish Sharma
f8d52ece40 screen: patch CVE-2025-46805
Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/screen/patch/?id=aa9f51f996a22470b8461d2b6a32e62c7ec30ed5
Upstream commit https://git.savannah.gnu.org/cgit/screen.git/commit/?id=161f85b98b7e1d5e4893aeed20f4cdb5e3dfaaa4]

(From OE-Core rev: 69dd9b16fbd18a1a960887ee9479a2e731b5a184)

Signed-off-by: Ashish Sharma <asharma@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-06-05 08:41:15 -07:00
Alexander Kanavin
b27d1171f3 screen: update 4.9.0 -> 4.9.1
Remove patches; they are merged upstream or backported.

(From OE-Core rev: 2566f8e51d56848d8b28f37462160e90253b79fc)

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-09-18 08:53:10 +01:00