Univention Bugzilla – Bug 46152
ncurses: Multiple issues (4.2)
Last modified: 2018-05-08 14:56:53 CEST
ncurses (5.9+20140913-1+deb8u1) jessie; urgency=medium * CVE-2017-10684 ncurses: Stack-based buffer overflow in fmt_entry function in dump_entry.c * CVE-2017-10685 ncurses: Stack-based buffer overflow caused by format string vulnerability in fmt_entry function * CVE-2017-11112 ncurses: Illegal address access in append_acs function * CVE-2017-11113 ncurses: Null pointer dereference vulnerability in _nc_parse_entry function * CVE-2017-13728 ncurses: Infinite loop in the next_char function * CVE-2017-13729 ncurses: Illegal address access in the _nc_save_str function * CVE-2017-13730 ncurses: Illegal address access in the function _nc_read_entry_source() * CVE-2017-13731 ncurses: Illegal address access in the function postprocess_termcap() * CVE-2017-13732 ncurses: Illegal address access in the function dump_uses() * CVE-2017-13733 ncurses: Illegal address access in the function fmt_entry * CVE-2017-13734 ncurses: Illegal address access in the function _nc_safe_strcat
Mass-import from Debian-Security: python -m univention.repong.^Cbmirror -s jessie -r 4.2-3 --override=$HOME/REPOS/repo-ng/mirror/update_ucs42_mirror_from_debian.yml --errata=doc/errata --sql --process=ALL -vvvv --now=201801211553 YAML: git:bd6159834a..449aa5a7cf
--- mirror/ftp/4.2/unmaintained/4.2-0/source/ncurses_5.9+20140913-1.dsc +++ apt/ucs_4.2-0-errata4.2-3/source/ncurses_5.9+20140913-1+deb8u2.dsc @@ -1,3 +1,21 @@ +5.9+20140913-1+deb8u2 [Sun, 03 Dec 2017 11:20:45 +0100] Sven Joachim <svenjoac@gmx.de>: + + * Re-upload with no changes to work around #826161. + +5.9+20140913-1+deb8u1 [Thu, 07 Sep 2017 19:08:05 +0200] Sven Joachim <svenjoac@gmx.de>: + + * Cherry-pick upstream fixes from the 20170701 and 20170708 patchlevels + for various crash bugs in the tic library and the tic binary + (CVE-2017-10684, CVE-2017-10685, CVE-2017-11112, CVE-2017-11113). + * Apply termcap-format fix from openSUSE's ncurses-5.9-55.6.1 package, + repairing a regression from the above security fixes (see #868266). + * Cherry-pick upstream fixes from the 20170826 patchlevel for more + crash bugs in the tic library (CVE-2017-13728, CVE-2017-13729, + CVE-2017-13730, CVE-2017-13731, CVE-2017-13732, CVE-2017-13734, + Closes: #873723). + * Cherry-pick upstream fixes from the 20170902 patchlevel to fix + another crash bug in the tic program (CVE-2017-13733, Closes: #873746). + 5.9+20140913-1 [Wed, 17 Sep 2014 19:00:57 +0200] Sven Joachim <svenjoac@gmx.de>: * New upstream patchlevel.
* No UCS specific patches * Comparison to previously shipped version ok * Binary package update Ok * Advisory Ok
*** Bug 46151 has been marked as a duplicate of this bug. ***
<http://errata.software-univention.de/ucs/4.2/383.html>