Bug#1030888: bullseye-pu: package ncurses/6.2+20201114-2+deb11u1
Control: tags -1 + confirmed
On Wed, 2023-02-08 at 20:30 +0100, Sven Joachim wrote:
> I would like to fix two crash bugs in tic(1) & friends for Bullseye.
> There have been various similar issues in the previous years which we
> usually fixed in point releases.
>
> [ Reason ]
> 1. Bug #10098701[1] aka CVE-2022-29458[2]
> 2. Bug #1029399[3]
>
> [ Impact ]
> 1. Out-of-bounds read in the tinfo library could lead to crashes and
> potential code execution on crafted input. This usually requires
> the victim's assistance.
>
> 2. Stack buffer overflow can lead to a crash in tic on crafted input.
> This usually requires the victim's assistance.
>
Please go ahead.
Regards,
Adam