minicom-2.7.1
Adam Lackorzynski
adam at os.inf.tu-dresden.de
Tue Apr 18 13:59:23 UTC 2017
Hi,
I just released minicom-2.7.1, which only contains a security fix
to address CVE-2017-7467, an issue in vt100 that allows for
remote code execution due to an improper bounds check.
The issue was found by Solar Designer of Openwall during a security
audit of the Virtuozzo 7 product, which contains derived downstream code
in its prl-vzvncserver component. The corresponding Virtuozzo 7 fix is:
https://src.openvz.org/projects/OVZ/repos/prl-vzvncserver/commits/6d95404e75b98f36b1cc85ee23df99dcf06ca13f
Openwall would like to thank the Virtuozzo company for funding the
effort.
The repo was also updated with a change addressing this issue.
Adam
More information about the minicom-devel
mailing list