Comment 1 Philipp Hahn 2018-01-25 10:59:32 CET

Mass-import from Debian-Security:
  python -m univention.repong.^Cbmirror -s jessie -r 4.2-3 --override=$HOME/REPOS/repo-ng/mirror/update_ucs42_mirror_from_debian.yml --errata=doc/errata --sql --process=ALL -vvvv --now=201801211553

YAML: git:bd6159834a..449aa5a7cf

Comment 2 Quality Assurance 2018-05-04 16:56:37 CEST

--- mirror/ftp/4.2/unmaintained/4.2-0/source/ncurses_5.9+20140913-1.dsc
+++ apt/ucs_4.2-0-errata4.2-3/source/ncurses_5.9+20140913-1+deb8u2.dsc
@@ -1,3 +1,21 @@
+5.9+20140913-1+deb8u2 [Sun, 03 Dec 2017 11:20:45 +0100] Sven Joachim <svenjoac@gmx.de>:
+
+  * Re-upload with no changes to work around #826161.
+
+5.9+20140913-1+deb8u1 [Thu, 07 Sep 2017 19:08:05 +0200] Sven Joachim <svenjoac@gmx.de>:
+
+  * Cherry-pick upstream fixes from the 20170701 and 20170708 patchlevels
+    for various crash bugs in the tic library and the tic binary
+    (CVE-2017-10684, CVE-2017-10685, CVE-2017-11112, CVE-2017-11113).
+  * Apply termcap-format fix from openSUSE's ncurses-5.9-55.6.1 package,
+    repairing a regression from the above security fixes (see #868266).
+  * Cherry-pick upstream fixes from the 20170826 patchlevel for more
+    crash bugs in the tic library (CVE-2017-13728, CVE-2017-13729,
+    CVE-2017-13730, CVE-2017-13731, CVE-2017-13732, CVE-2017-13734,
+    Closes: #873723).
+  * Cherry-pick upstream fixes from the 20170902 patchlevel to fix
+    another crash bug in the tic program (CVE-2017-13733, Closes: #873746).
+
 5.9+20140913-1 [Wed, 17 Sep 2014 19:00:57 +0200] Sven Joachim <svenjoac@gmx.de>:
 
   * New upstream patchlevel.

Comment 3 Arvid Requate 2018-05-07 19:32:40 CEST

* No UCS specific patches
* Comparison to previously shipped version ok
* Binary package update Ok
* Advisory Ok

Comment 4 Arvid Requate 2018-05-07 19:51:49 CEST

*** Bug 46151 has been marked as a duplicate of this bug. ***

Comment 5 Arvid Requate 2018-05-08 14:56:53 CEST

<http://errata.software-univention.de/ucs/4.2/383.html>