From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4ZxhfL5t84z30N0 for ; Tue, 13 May 2025 16:25:30 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature RSA-PSS (4096 bits)) (Client CN "mail01.haj.ipfire.org", Issuer "R10" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4ZxhfH2Gb7z30Hh for ; Tue, 13 May 2025 16:25:27 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4ZxhfG3l5hzwN; Tue, 13 May 2025 16:25:26 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1747153526; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=t7+9ImIbNDPqTYfjQabZfoZAcQFzvHSt9o60I2FI9V4=; b=xZaRXrLg3h/VJOXA5rqZXwwhWgQF9+AGz8yLVCZu6+bIMSEnVIhhPDvIsMt4OSYTp27GiO zWzrFv7r2MvVnAAw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1747153526; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=t7+9ImIbNDPqTYfjQabZfoZAcQFzvHSt9o60I2FI9V4=; b=OLRdy8HvAWnPaXn2UpezbQFTXiwFWixaGWokTs0U/XEeHb6BTi0QMiTS4BuiTpSrIcF5Ii p/SnyN7h7l8Yh/ezg9zD7SOnT/Hu5dyS2JIz5QDmEKYs6xbbEkDPWBMU2QqC6L2XZ7SlI1 UtF9eIG9fVkxt6hQI+bs/p3YxaZvnf2hjr52rgGv0/3RMpYbcjRUrsoJ8+VrtRvk//5evO aDH7jaMh/M/0YHUKH+Z2M6Nbsvj1FEI89wmoCCwbb8OTfqphyQrcHL6BMznxx+VVv0MHh4 4QvmeSuhC1Xld8gdtBkZcer5N+E7p+Kd0KAym9Ft3tLzEBu23kWjro/R64pa8w== Message-ID: <726c2765-efe1-43d8-a426-53a9ce500ac7@ipfire.org> Date: Tue, 13 May 2025 18:25:22 +0200 Precedence: list List-Id: List-Subscribe: , List-Unsubscribe: , List-Post: List-Help: Sender: Mail-Followup-To: MIME-Version: 1.0 Subject: Re: Vulnerabilities in screen 5.0.0 To: Michael Tremer Cc: "IPFire: Development-List" References: <87D50B7A-B3B1-423D-A325-19FD21FFBF88@ipfire.org> Content-Language: en-GB From: Adolf Belka In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Hi Michael, On 13/05/2025 17:54, Michael Tremer wrote: > Thank you! > >> On 13 May 2025, at 16:51, Adolf Belka wrote: >> >> Hi Michael, >> On 13/05/2025 16:45, Michael Tremer wrote: >>> Hello everyone, >>> While I am handing our tasks on the list, would anyone be up for applying a couple of security patches to screen? >> >> I am doing various update builds anyway so I will pick that up next. >> >> Regards, >> Adolf. >> >>> https://www.openwall.com/lists/oss-security/2025/05/12/1 >>> The fixes are attached to the email. I don’t believe a new version has been released, yet. I just found that version 5.0.1 has been "released" yesterday but is not yet in the source tarball download directory but it says it will come soon. I might just wait a while to see if that comes "soon". I have a question anyway, about the patches from that email. the filename of the 5.0.0 patch is screen_5_0_0_patches_tar_gz.bin I have no idea why it is showing up as a bin file, but I am not keen to download and try and open it up. Not sure how to open it anyway, depending what the .bin means anyway. Regards, Adolf. >>> Best, >>> -Michael >> >> >