2 files changed, 12 insertions, 3 deletions

diff --git a/RELNOTES b/RELNOTES
index 015bb2137..da53398de 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -1,8 +1,9 @@
 firejail (0.9.38.1) baseline; urgency=low
   * testing in progress, it will be released as 0.9.38.2
+  * security: --whitelist deleted files, submitted by Vasya Novikov
   * security: disable x32 ABI, submitted by Jann Horn
   * security: tighten --chroot, submitted by Jann Horn
-  * security: --whitelist deleted files, submitted by Vasya Novikov
+  * security: terminal sandbox escape, submitted by Stephan Sokolow
  -- netblue30 <netblue30@yahoo.com>  Fri, 12 Aug 2016 10:00:00 -0500
 
 firejail (0.9.38) baseline; urgency=low
diff --git a/etc/disable-common.inc b/etc/disable-common.inc
index 46dd04bcd..9f7274dc8 100644
--- a/etc/disable-common.inc
+++ b/etc/disable-common.inc
@@ -125,10 +125,18 @@ read-only ${HOME}/.xscreensaver
 # The user ~/bin directory can override commands such as ls
 read-only ${HOME}/bin
 
-# disable terminals running as server
+# disable terminals running as server resulting in sandbox escape
 blacklist ${PATH}/lxterminal
 blacklist ${PATH}/gnome-terminal
 blacklist ${PATH}/gnome-terminal.wrapper
 blacklist ${PATH}/xfce4-terminal
 blacklist ${PATH}/xfce4-terminal.wrapper
-blacklist ${PATH}/konsole
+blacklist ${PATH}/mate-terminal
+blacklist ${PATH}/mate-terminal.wrapper
+blacklist ${PATH}/lilyterm
+blacklist ${PATH}/pantheon-terminal
+blacklist ${PATH}/roxterm
+blacklist ${PATH}/roxterm-config
+blacklist ${PATH}/terminix
+blacklist ${PATH}/urxvtc
+blacklist ${PATH}/urxvtcd