[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#867814: stretch-pu: package ncurses/6.0+20161126-1+deb9u1

Control: tags -1 - confirmed
Control: tags -1 + moreinfo

On 2017-07-15 11:04 +0100, Adam D. Barratt wrote:

> Control: tags -1 + confirmed d-i
>
> On Sun, 2017-07-09 at 19:30 +0200, Sven Joachim wrote:
>> Recently a few flaws in the tic program and the tic library have been
>> detected: null pointer dereference, buffer overflow, stack smashing, you
>> name it.  Six bugs have been reported in the Red Hat bugtracker and four
>> CVEs assigned.  Fortunately there are rather few users who would run
>> affected programs at all, so it was decided that no DSA would be
>> necessary.

Unfortunately the fixes have caused a regression in infocmp, see
#868266.  I expect an upstream fix this night, but to properly test it
and prepare new packages taking a bit more time seems advisable.  So I
guess we'll have to defer that for 9.2.

> I'd be okay with this, but it will need a kibi-ack due to the udeb.

The changes do not touch the tinfo library which is all that shipped in
the udeb.

Cheers,
       Sven
Reply to: