From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <development+bounces-404-archive=lists.ipfire.org@lists.ipfire.org>
Received: from mail02.haj.ipfire.org (localhost [127.0.0.1])
	by mail02.haj.ipfire.org (Postfix) with ESMTP id 4Zy7CB6X22z3393
	for <archive@lists.ipfire.org>; Wed, 14 May 2025 09:21:58 +0000 (UTC)
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (secp384r1)
	 client-signature RSA-PSS (4096 bits))
	(Client CN "mail01.haj.ipfire.org", Issuer "R10" (verified OK))
	by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4Zy7C734z8z2xbb
	for <development@lists.ipfire.org>; Wed, 14 May 2025 09:21:55 +0000 (UTC)
Received: from [127.0.0.1] (localhost [127.0.0.1])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mail01.ipfire.org (Postfix) with ESMTPSA id 4Zy7C66hD2z38x;
	Wed, 14 May 2025 09:21:54 +0000 (UTC)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org;
	s=202003ed25519; t=1747214515;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=J8mo8bBL6S1elf3hOxpKlelaivPG9DrPK2j00ZH46KY=;
	b=wZQ1PjQKFY2VrOhx6ZFniz3MraFjWaC4LMJjraH3eHffsg1vxOdLMbk89NJqmrDB5DbWoc
	2sXA/KRD/DQk0iBg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa;
	t=1747214515;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=J8mo8bBL6S1elf3hOxpKlelaivPG9DrPK2j00ZH46KY=;
	b=s2EUUVRMPIZsARBA4YxSO+XpkNefhEPYUk4uMzhenKlXfsWayummVBxbTcRQwyAdSbWRU5
	9UmMkeBITTkcxlZyQc14oXFCzq8l0GqugJNHVdLiw1TxyAWYEK9wPir4PN4cUHXAsWUJ5P
	F1XwawXE39h4JxkVDPGGIz6dfAv5jzelfb0uBREezWbJNKtRuPl1m6rxkUUdJzMjR1LpJl
	741kGW3UOMut+pgEInCGBX7FxY+OmmtkGYo+B7OkfVmBFrpU91S+wc0QjPU9qSIQuhqQNX
	to8kJ8GHCbWjElNSJzzA6h5kMsDrOcAq6GmJ1UaqXtzlsG4JtViW+l5EN97XvA==
Content-Type: text/plain;
	charset=utf-8
Precedence: list
List-Id: <development.lists.ipfire.org>
List-Subscribe: <https://lists.ipfire.org/>,
 <mailto:development+subscribe@lists.ipfire.org?subject=subscribe>
List-Unsubscribe: <https://lists.ipfire.org/>,
 <mailto:development+unsubscribe@lists.ipfire.org?subject=unsubscribe>
List-Post: <mailto:development@lists.ipfire.org>
List-Help: <mailto:development+help@lists.ipfire.org?subject=help>
Sender: <development@lists.ipfire.org>
Mail-Followup-To: <development@lists.ipfire.org>
Mime-Version: 1.0
Subject: Re: Vulnerabilities in screen 5.0.0
From: Michael Tremer <michael.tremer@ipfire.org>
In-Reply-To: <726c2765-efe1-43d8-a426-53a9ce500ac7@ipfire.org>
Date: Wed, 14 May 2025 10:21:54 +0100
Cc: "IPFire: Development-List" <development@lists.ipfire.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <92373242-0E4A-4B8E-BC56-EDFC690DC0EB@ipfire.org>
References: <87D50B7A-B3B1-423D-A325-19FD21FFBF88@ipfire.org>
 <dc382c00-d0bb-40a0-8bae-11f131670d6e@ipfire.org>
 <CD098237-640C-4A81-B368-C9A6EC1807C3@ipfire.org>
 <726c2765-efe1-43d8-a426-53a9ce500ac7@ipfire.org>
To: Adolf Belka <adolf.belka@ipfire.org>

Hello Adolf,

> On 13 May 2025, at 17:25, Adolf Belka <adolf.belka@ipfire.org> wrote:
>=20
> Hi Michael,
>=20
> On 13/05/2025 17:54, Michael Tremer wrote:
>> Thank you!
>>> On 13 May 2025, at 16:51, Adolf Belka <adolf.belka@ipfire.org> =
wrote:
>>>=20
>>> Hi Michael,
>>> On 13/05/2025 16:45, Michael Tremer wrote:
>>>> Hello everyone,
>>>> While I am handing our tasks on the list, would anyone be up for =
applying a couple of security patches to screen?
>>>=20
>>> I am doing various update builds anyway so I will pick that up next.
>>>=20
>>> Regards,
>>> Adolf.
>>>=20
>>>>   https://www.openwall.com/lists/oss-security/2025/05/12/1
>>>> The fixes are attached to the email. I don=E2=80=99t believe a new =
version has been released, yet.
>=20
> I just found that version 5.0.1 has been "released" yesterday but is =
not yet in the source tarball download directory but it says it will =
come soon.
>=20
> I might just wait a while to see if that comes "soon".

I am happy to wait for this because we won=E2=80=99t have a release our =
that quickly anyways. Core Update 195 will be released in about four =
weeks, so we have time.

> I have a question anyway, about the patches from that email. the =
filename of the 5.0.0 patch is
>=20
> screen_5_0_0_patches_tar_gz.bin
>=20
> I have no idea why it is showing up as a bin file, but I am not keen =
to download and try and open it up. Not sure how to open it anyway, =
depending what the .bin means anyway.

I think the mailing list renamed the file. It is just a tar.gz file and =
you can rename it and extract it as usual.

Best,
-Michael

> Regards,
> Adolf.
>=20
>>>> Best,
>>>> -Michael