Description: Disable because embedded newlines can make exploits easier. Author: Utkarsh Gupta <utkarsh@debian.org> Origin: vendor Bug-Debian: https://security-tracker.debian.org/tracker/CVE-2021-33477 Forwarded: not-needed Last-Update: 2021-06-09 --- a/src/command.c +++ b/src/command.c @@ -5029,10 +5029,16 @@ rxvt_scr_add_lines(r, page, (const unsigned char *)"\n\r", 1, 2); break; +/* + disabled because embedded newlines can make exploits easier + https://github.com/exg/rxvt-unicode/commit/2e7149935839bb7aa69b5bfe9558ba449e4db363 + */ +#if 0 /* kidnapped escape sequence: Should be 8.3.48 */ case C1_ESA: /* ESC G */ rxvt_process_graphics(r, page); break; +#endif /* 8.3.63: CHARACTER TABULATION SET */ case C1_HTS: /* ESC H */