From 2de5cd85423083662eb0625978ef6da7577d76c6 Mon Sep 17 00:00:00 2001 From: Fabrice Fontaine Date: Sat, 26 Feb 2022 19:15:08 +0100 Subject: [PATCH] package/xterm: security bump to version 371 Fix CVE-2022-24130: xterm through Patch 370, when Sixel support is enabled, allows attackers to trigger a buffer overflow in set_sixel in graphics_sixel.c via crafted text. Update hash of COPYING (update in year) https://invisible-island.net/xterm/xterm.log.html#xterm_371 Signed-off-by: Fabrice Fontaine Signed-off-by: Peter Korsgaard --- package/xterm/xterm.hash | 4 ++-- package/xterm/xterm.mk | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/package/xterm/xterm.hash b/package/xterm/xterm.hash index d6d80ad977..3f6ec765ce 100644 --- a/package/xterm/xterm.hash +++ b/package/xterm/xterm.hash @@ -1,4 +1,4 @@ # Locally calculated after checking pgp signature -sha256 27f1a8b1c756e269fd5684e60802b545f0be9b36b8b5d6bdbc840c6b000dc51f xterm-367.tgz +sha256 32f888277b19e28ebc0a3112bff000607c07bed0679caa0beebb36f9cad484f5 xterm-371.tgz # Locally calculated -sha256 dfb668cc977e24649500f3cc54de3e2b793928d210715a445ab1227930b07ba6 COPYING +sha256 9521ef761474cd31ea406f56a751646a7b42a9287cdc6f2f8e52ed4c4d2a73e7 COPYING diff --git a/package/xterm/xterm.mk b/package/xterm/xterm.mk index e09d350a7d..95984f1cf9 100644 --- a/package/xterm/xterm.mk +++ b/package/xterm/xterm.mk @@ -4,7 +4,7 @@ # ################################################################################ -XTERM_VERSION = 367 +XTERM_VERSION = 371 XTERM_SOURCE = xterm-$(XTERM_VERSION).tgz XTERM_SITE = http://invisible-mirror.net/archives/xterm XTERM_DEPENDENCIES = ncurses xlib_libXaw host-pkgconf