
Bug#867814: stretch-pu: package ncurses/6.0+20161126-1+deb9u1



Control: tag -1 moreinfo

On Sun, Jul  9, 2017 at 19:30:55 +0200, Sven Joachim wrote:

> Package: release.debian.org
> Severity: normal
> Tags: stretch
> User: release.debian.org@packages.debian.org
> Usertags: pu
> 
> Recently a few flaws in the tic program and the tic library have been
> detected: null pointer dereference, buffer overflow, stack smashing, you
> name it.  Six bugs have been reported in the Red Hat bugtracker and four
> CVEs assigned.  Fortunately there are rather few users who would run
> affected programs at all, so it was decided that no DSA would be
> necessary.
> 
Hi Sven,

Do you know what the reverse dependencies of the tic program or library
are in Debian, and whether any of them commonly process untrusted
terminfo data (though I know that's not an easy thing to paint as
black/white)?

Thanks,
Julien

