Candidate: CVE-2015-8971
PublicDate: 2017-01-23 21:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8971
 http://www.openwall.com/lists/oss-security/2016/11/04/12
Description:
 Terminology 0.7.0 allows remote attackers to execute arbitrary commands via
 escape sequences that modify the window title and then are written to the
 terminal, a similar issue to CVE-2003-0063.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=843434
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [7.8 HIGH]

Patches_terminology:
 upstream: https://git.enlightenment.org/apps/terminology.git/commit/?id=b80bedc7c21ecffe99d8d142930db696eebdd6a5
upstream_terminology: released (0.7.0-2)
precise_terminology: DNE
trusty_terminology: DNE
trusty/esm_terminology: DNE
vivid/stable-phone-overlay_terminology: DNE
vivid/ubuntu-core_terminology: DNE
xenial_terminology: released (0.7.0-1+deb8u1build0.16.04.1)
yakkety_terminology: released (0.7.0-1+deb8u1build0.16.10.1)
devel_terminology: not-affected (0.7.0-2)