Bug#867814: stretch-pu: package ncurses/6.0+20161126-1+deb9u1
Control: tag -1 moreinfo
On Sun, Jul 9, 2017 at 19:30:55 +0200, Sven Joachim wrote:
> Package: release.debian.org
> Severity: normal
> Tags: stretch
> User: release.debian.org@packages.debian.org
> Usertags: pu
>
> Recently a few flaws in the tic program and the tic library have been
> detected: null pointer dereference, buffer overflow, stack smashing, you
> name it. Six bugs have been reported in the Red Hat bugtracker and four
> CVEs assigned. Fortunately there are rather few users who would run
> affected programs at all, so it was decided that no DSA would be
> necessary.
>
Hi Sven,
Do you know what the reverse dependencies of the tic program or library
are in Debian, and whether any of them commonly process untrusted
terminfo data (though I know that's not an easy thing to paint as
black/white)?
Thanks,
Julien