Bug 613110 (CVE-2010-2713) - CVE-2010-2713 vte: responds to get window title escape sequence request
Summary: CVE-2010-2713 vte: responds to get window title escape sequence request
Alias: CVE-2010-2713
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Depends On: 615045 615046
TreeView+ depends on / blocked
Reported: 2010-07-09 18:18 UTC by Vincent Danen
Modified: 2019-09-29 12:37 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2011-06-14 17:23:01 UTC

Attachments (Terms of Use)
proposed patch to fix the issue (1.83 KB, patch)
2010-07-09 18:19 UTC, Vincent Danen
no flags Details | Diff

Description Vincent Danen 2010-07-09 18:18:18 UTC
It was reported to Ubuntu that vte regressed the fix for CVE-2003-0070 in the following upstream commit:


This would allow for an information disclosure of the window title of the gnome-terminal.

This issue does not affect Red Hat Enterprise Linux 5 or earlier, which still replace the contents of the window title with "LTerminal", rather than "l[contents of terminal window]"; as demonstrated with:

$ echo -e "\e[21t"

Comment 1 Vincent Danen 2010-07-09 18:19:28 UTC
Created attachment 430733 [details]
proposed patch to fix the issue

Comment 3 Vincent Danen 2010-07-14 15:20:56 UTC
This has been assigned the name CVE-2010-2713.

Comment 9 Vincent Danen 2010-07-15 20:16:19 UTC
Created vte tracking bugs for this issue

Affects: fedora-all [bug 615046]

Comment 10 Vincent Danen 2011-06-14 17:23:01 UTC
This was fixed upstream in 0.19.4; currently Fedora has 0.24.1-1.fc13, 0.26.1-1.fc14, and 0.28.0-1.fc15. This has been fixed.

Note You need to log in before you can comment on or make changes to this bug.