←back to thread

Multiple security issues in GNU Screen

(www.openwall.com)
414 points st_goliath | 2 comments | 13 May 25 11:28 UTC | HN request time: 0.411s | source
Show context
teddyh ◴[13 May 25 12:09 UTC] No.43972000[source]
Note: In Debian, GNU screen is not installed with setuid-root privileges.
replies(4): >>43972155 #>>43972240 #>>43972667 #>>43972691 #
perlgeek ◴[13 May 25 13:24 UTC] No.43972691[source]
And the package in Debian Stable (aka bookworm) is too old to be affected by the vulnerabilities in 5.0.0.

I used to hate that Debian always was behind on software versions, but now I use different package sources for the few applications where I really don't want to rely on old software (like browsers), and otherwise doing great with the old stuff :-)

replies(2): >>43972806 #>>43980202 #
mjevans ◴[13 May 25 13:35 UTC] No.43972806[source]
Related... https://bugzilla.mozilla.org/show_bug.cgi?id=1966096

If you're running Firefox on Debian please make sure you manually update it since the package repo's been down for a while. I filed a 'support' ticket first ( https://support.mozilla.org/en-US/questions/1510388 ) since it seemed to be the proper place, but no one seems to look at those.

replies(2): >>43974517 #>>43974767 #
foresto ◴[13 May 25 16:35 UTC] No.43974767[source]
This is about Mozilla's builds of Firefox for Debian, not Debian's builds, right? So regular Debian users who run the default Firefox (firefox-esr) would be unaffected.
replies(1): >>43975107 #
1. mjevans ◴[13 May 25 17:00 UTC] No.43975107[source]
Correct, but that's firefox-esr not firefox. At one point I found it necessary to switch as there was an issue with security updates, but that might have been an issue in that particular system's configuration that I since resolved.
replies(1): >>43979073 #
2. foresto ◴[13 May 25 23:34 UTC] No.43979073[source]
To be clear for the sake of other readers, Debian's firefox-esr package is Firefox.

It's simply a release from Mozilla's Extended Support Release channel, as distinct from the Rapid Release channel that you are apparently using. Not a different project/product.

https://support.mozilla.org/en-US/kb/choosing-firefox-update...