[LWN Logo]
[Timeline]
Date:         Tue, 5 Sep 2000 12:03:02 +0100
From: abs@PURPLEI.COM
Subject:      Re: screen 3.9.5 root vulnerability
To: BUGTRAQ@SECURITYFOCUS.COM

	Fix applied to NetBSD pkgsrc on 1st september. NetBSD pkgsrc
	users should confirm they have screen-3.9.5nb1 or later.

	For reference, patch applied:

$NetBSD: patch-ah,v 1.2 2000/09/01 15:23:51 kim Exp $

--- screen.c.orig	Wed Sep  1 17:57:25 1999
+++ screen.c	Fri Sep  1 11:22:45 2000
@@ -2311,7 +2311,7 @@
 	      else if (visual && !D_VB && (!D_status || !D_status_bell))
 		{
 		  D_status_delayed = -1;
-		  Msg(0, VisualBellString);
+		  Msg(0, "%s", VisualBellString);
 		  if (D_status)
 		    {
 		      D_status_bell = 1;

		David/absolute
				       -- www.netbsd.org: No hype required --