Vulnerabilities in screen 5.0.0

Vulnerabilities in screen 5.0.0

[Michael Tremer]

Hello everyone,

While I am handing our tasks on the list, would anyone be up for applying a couple of security patches to screen?

  https://www.openwall.com/lists/oss-security/2025/05/12/1

The fixes are attached to the email. I don’t believe a new version has been released, yet.

Best,
-Michael

Re: Vulnerabilities in screen 5.0.0

[Adolf Belka]

Hi Michael,
On 13/05/2025 16:45, Michael Tremer wrote:
> Hello everyone,
> 
> While I am handing our tasks on the list, would anyone be up for applying a couple of security patches to screen?

I am doing various update builds anyway so I will pick that up next.

Regards,
Adolf.

> 
>    https://www.openwall.com/lists/oss-security/2025/05/12/1
> 
> The fixes are attached to the email. I don’t believe a new version has been released, yet.
> 
> Best,
> -Michael

Re: Vulnerabilities in screen 5.0.0

[Michael Tremer]

Thank you!

> On 13 May 2025, at 16:51, Adolf Belka <adolf.belka@ipfire.org> wrote:
> 
> Hi Michael,
> On 13/05/2025 16:45, Michael Tremer wrote:
>> Hello everyone,
>> While I am handing our tasks on the list, would anyone be up for applying a couple of security patches to screen?
> 
> I am doing various update builds anyway so I will pick that up next.
> 
> Regards,
> Adolf.
> 
>>   https://www.openwall.com/lists/oss-security/2025/05/12/1
>> The fixes are attached to the email. I don’t believe a new version has been released, yet.
>> Best,
>> -Michael
> 
> 

Re: Vulnerabilities in screen 5.0.0

[Adolf Belka]

Hi Michael,

On 13/05/2025 17:54, Michael Tremer wrote:
> Thank you!
> 
>> On 13 May 2025, at 16:51, Adolf Belka <adolf.belka@ipfire.org> wrote:
>>
>> Hi Michael,
>> On 13/05/2025 16:45, Michael Tremer wrote:
>>> Hello everyone,
>>> While I am handing our tasks on the list, would anyone be up for applying a couple of security patches to screen?
>>
>> I am doing various update builds anyway so I will pick that up next.
>>
>> Regards,
>> Adolf.
>>
>>>    https://www.openwall.com/lists/oss-security/2025/05/12/1
>>> The fixes are attached to the email. I don’t believe a new version has been released, yet.

I just found that version 5.0.1 has been "released" yesterday but is not yet in the source tarball download directory but it says it will come soon.

I might just wait a while to see if that comes "soon".

I have a question anyway, about the patches from that email. the filename of the 5.0.0 patch is

screen_5_0_0_patches_tar_gz.bin

I have no idea why it is showing up as a bin file, but I am not keen to download and try and open it up. Not sure how to open it anyway, depending what the .bin means anyway.

Regards,
Adolf.

>>> Best,
>>> -Michael
>>
>>
> 

Re: Vulnerabilities in screen 5.0.0

[Michael Tremer]

Hello Adolf,

> On 13 May 2025, at 17:25, Adolf Belka <adolf.belka@ipfire.org> wrote:
> 
> Hi Michael,
> 
> On 13/05/2025 17:54, Michael Tremer wrote:
>> Thank you!
>>> On 13 May 2025, at 16:51, Adolf Belka <adolf.belka@ipfire.org> wrote:
>>> 
>>> Hi Michael,
>>> On 13/05/2025 16:45, Michael Tremer wrote:
>>>> Hello everyone,
>>>> While I am handing our tasks on the list, would anyone be up for applying a couple of security patches to screen?
>>> 
>>> I am doing various update builds anyway so I will pick that up next.
>>> 
>>> Regards,
>>> Adolf.
>>> 
>>>>   https://www.openwall.com/lists/oss-security/2025/05/12/1
>>>> The fixes are attached to the email. I don’t believe a new version has been released, yet.
> 
> I just found that version 5.0.1 has been "released" yesterday but is not yet in the source tarball download directory but it says it will come soon.
> 
> I might just wait a while to see if that comes "soon".

I am happy to wait for this because we won’t have a release our that quickly anyways. Core Update 195 will be released in about four weeks, so we have time.

> I have a question anyway, about the patches from that email. the filename of the 5.0.0 patch is
> 
> screen_5_0_0_patches_tar_gz.bin
> 
> I have no idea why it is showing up as a bin file, but I am not keen to download and try and open it up. Not sure how to open it anyway, depending what the .bin means anyway.

I think the mailing list renamed the file. It is just a tar.gz file and you can rename it and extract it as usual.

Best,
-Michael

> Regards,
> Adolf.
> 
>>>> Best,
>>>> -Michael