Closed issue by tuxslack on void-packages repository

https://github.com/void-linux/void-packages/issues/50651

Description:
### Is this a new report?

Yes

### System Info

wall

### Package(s) Affected

util-linux

### Does a report exist for this bug with the project's home (upstream) and/or another distro?

https://diolinux.com.br/noticias/wallescape-falha-no-linux-falso-sudo.html
https://nvd.nist.gov/vuln/detail/CVE-2024-28085

### Expected behaviour

versão 2.40

### Actual behaviour

$ wall -V
wall de util-linux 2.39.3

maintainer: Enno Boland
pkgname: util-linux
pkgver: util-linux-2.39.3_2


### Steps to reproduce

wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.


https://www.youtube.com/watch?v=X_Pwq5DD63s