Sophie: mrxvt-0.5.4-17.mga9 src

mrxvt-0.5.4-17.mga9.src.rpm

Info
Deps
Files
Scripts
ChangeLog
Location
Others versions
Analyse

Description: Disable because embedded newlines can make exploits easier.
Author: Utkarsh Gupta <utkarsh@debian.org>
Origin: vendor
Bug-Debian: https://security-tracker.debian.org/tracker/CVE-2021-33477
Forwarded: not-needed
Last-Update: 2021-06-09

--- a/src/command.c
+++ b/src/command.c
@@ -5029,10 +5029,16 @@
 	    rxvt_scr_add_lines(r, page, (const unsigned char *)"\n\r", 1, 2);
 	    break;
 
+/*
+ disabled because embedded newlines can make exploits easier
+ https://github.com/exg/rxvt-unicode/commit/2e7149935839bb7aa69b5bfe9558ba449e4db363
+ */
+#if 0
 	/* kidnapped escape sequence: Should be 8.3.48 */
 	case C1_ESA:	    /* ESC G */
 	    rxvt_process_graphics(r, page);
 	    break;
+#endif
 
 	/* 8.3.63: CHARACTER TABULATION SET */
 	case C1_HTS:	    /* ESC H */