… | |
… | |
46 | TODO: rclock horribly time-biased |
46 | TODO: rclock horribly time-biased |
47 | TODO: rclock iso mode? |
47 | TODO: rclock iso mode? |
48 | |
48 | |
49 | TODO: printf "\e[4:3m" - "undercurl" - should probbaly be interpreted as underline, rather than \e[43m |
49 | TODO: printf "\e[4:3m" - "undercurl" - should probbaly be interpreted as underline, rather than \e[43m |
50 | |
50 | |
|
|
51 | 9.31 Mon 02 Jan 2023 18:13:16 CET |
51 | - implement a fix for CVE-2022-4170 (reported and analyzed by David Leadbeater). |
52 | - implement a fix for CVE-2022-4170 (reported and analyzed by David Leadbeater). |
52 | While present in version 9.30, it should not be exploitable. It is exploitable |
53 | While present in version 9.30, it should not be exploitable. It is exploitable |
53 | in versions 9.25 and 9.26, at least, and allows anybody controlling output to |
54 | in versions 9.25 and 9.26, at least, and allows anybody controlling output to |
54 | the terminal to execute arbitrary code in the urxvt process. |
55 | the terminal to execute arbitrary code in the urxvt process. |
55 | - the background extension no longer requires off focus fading support |
56 | - the background extension no longer requires off focus fading support |