Bug#1030888: bullseye-pu: package ncurses/6.2+20201114-2+deb11u1

["Adam D. Barratt" <adam@adam-barratt.org.uk>]

Control: tags -1 + confirmed

On Wed, 2023-02-08 at 20:30 +0100, Sven Joachim wrote:
> I would like to fix two crash bugs in tic(1) & friends for Bullseye.
> There have been various similar issues in the previous years which we
> usually fixed in point releases.
> 
> [ Reason ]
> 1. Bug #10098701[1] aka CVE-2022-29458[2]
> 2. Bug #1029399[3]
> 
> [ Impact ]
> 1. Out-of-bounds read in the tinfo library could lead to crashes and
>    potential code execution on crafted input.  This usually requires
>    the victim's assistance.
> 
> 2. Stack buffer overflow can lead to a crash in tic on crafted input.
>    This usually requires the victim's assistance.
> 

Please go ahead.

Regards,

Adam