
Bug#1030888: bullseye-pu: package ncurses/6.2+20201114-2+deb11u1



On 2023-02-19 18:52 +0000, Adam D. Barratt wrote:

> Control: tags -1 + confirmed
>
> On Wed, 2023-02-08 at 20:30 +0100, Sven Joachim wrote:
>> I would like to fix two crash bugs in tic(1) & friends for Bullseye.
>> There have been various similar issues in the previous years which we
>> usually fixed in point releases.
>>
>> [ Reason ]
>> 1. Bug #10098701[1] aka CVE-2022-29458[2]
>> 2. Bug #1029399[3]
>>
>> [ Impact ]
>> 1. Out-of-bounds read in the tinfo library could lead to crashes and
>>    potential code execution on crafted input.  This usually requires
>>    the victim's assistance.
>>
>> 2. Stack buffer overflow can lead to a crash in tic on crafted input.
>>    This usually requires the victim's assistance.
>>
>
> Please go ahead.

Thanks, uploaded.

Cheers,
       Sven

