Re: Bug#867814: stretch-pu: package ncurses/6.0+20161126-1+deb9u1
Control: tags -1 - confirmed
Control: tags -1 + moreinfo
On 2017-07-15 11:04 +0100, Adam D. Barratt wrote:
> Control: tags -1 + confirmed d-i
>
> On Sun, 2017-07-09 at 19:30 +0200, Sven Joachim wrote:
>> Recently a few flaws in the tic program and the tic library have been
>> detected: null pointer dereference, buffer overflow, stack smashing, you
>> name it. Six bugs have been reported in the Red Hat bugtracker and four
>> CVEs assigned. Fortunately there are rather few users who would run
>> affected programs at all, so it was decided that no DSA would be
>> necessary.
Unfortunately the fixes have caused a regression in infocmp, see
#868266. I expect an upstream fix this night, but to properly test it
and prepare new packages taking a bit more time seems advisable. So I
guess we'll have to defer that for 9.2.
> I'd be okay with this, but it will need a kibi-ack due to the udeb.
The changes do not touch the tinfo library which is all that shipped in
the udeb.
Cheers,
Sven
Reply to: