it-securitynotifies AT lists.piratenpartei.de
Subject: Security announcements
List archive
- From: Moritz Muehlenhoff <jmm AT debian.org>
- To: debian-security-announce AT lists.debian.org
- Subject: [IT-SecNots] [SECURITY] [DSA 4819-1] kitty security update
- Date: Sat, 26 Dec 2020 18:26:47 +0000
- List-archive: https://lists.debian.org/msgid-search/20201226182647.GA31393 AT seger.debian.org
- List-id: <debian-security-announce.lists.debian.org>
- List-url: <http://lists.debian.org/debian-security-announce/>
- Old-return-path: <jmm AT seger.debian.org>
- Priority: urgent
- Resent-date: Sat, 26 Dec 2020 18:27:04 +0000 (UTC)
- Resent-from: debian-security-announce AT lists.debian.org
- Resent-message-id: <j746Rqhy4mL.A.ml.4B45fB@bendel>
- Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4819-1                security AT debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
December 26, 2020                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : kitty
CVE ID         : CVE-2020-35605

Stephane Chauveau discovered that the graphics protocol implementation in
Kitty, a GPU-based terminal emulator, did not sanitise a filename when
returning an error message, which could result in the execution of
arbitrary shell commands when displaying a file with cat.

For the stable distribution (buster), this problem has been fixed in
version 0.13.3-1+deb10u1.

We recommend that you upgrade your kitty packages.

For the detailed security status of kitty please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/kitty

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----