Bug 2215008

Summary: TRIAGE vte291: infinite loop parsing control sequence '\e]104;x\a'
Product: [Other] Security Response Reporter: Sandipan Roy <saroy>
Component: vulnerabilityAssignee: Nobody <nobody>
Status: CLOSED NOTABUG QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: dking
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: vte 0.70.6, vte 0.72.2 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2023-07-20 12:28:01 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2215010, 2215011    
Bug Blocks: 2215009    

Description Sandipan Roy 2023-06-14 12:37:21 UTC 
A logic error in vte's OSC parser results in an infinite loop. An
untrusted system accessed via ssh, telnet or similar could use this
as a denial of service. This is fixed upstream in 0.70.6, and a fixed
version 0.70.5-2 is on its way into unstable. Originally reported at
<https://bugs.launchpad.net/ubuntu/+source/vte2.91/+bug/2022019>.

Does the security team want to do a DSA for this? The patch is upstream
commit https://gitlab.gnome.org/GNOME/vte/-/commit/dce7b5f044b0f9e184f186315c846489a20edf0d
or one of its many cherry-picks to older branches.

Ref: https://gitlab.gnome.org/GNOME/vte/-/issues/2631
Comment 2 Zack Miele 2023-06-15 19:44:47 UTC 
fix commit https://gitlab.gnome.org/GNOME/vte/-/commit/dce7b5f0