File _patchinfo of Package patchinfo.3474

Overview Repositories Revisions Requests Users Attributes Meta

File _patchinfo of Package patchinfo.3474

<patchinfo incident="3474">
  <issue id="1000662" tracker="bnc">L3: Columns variable not working in cron jobs anymore</issue>
  <issue id="1046853" tracker="bnc">VUL-0: CVE-2017-10685: ncurses: possible RCE with format string vulnerability in the fmt_entry function</issue>
  <issue id="1046858" tracker="bnc">VUL-0: CVE-2017-10684: ncurses: possible RCE via stack-based buffer overflow in the fmt_entry function</issue>
  <issue id="2017-10685" tracker="cve" />
  <issue id="2017-10684" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>WernerFink</packager>
  <description>This update for ncurses fixes the following issues:

Security issues fixed:
- CVE-2017-10684: Possible RCE via stack-based buffer overflow in the fmt_entry function. (bsc#1046858)
- CVE-2017-10685: Possible RCE with format string vulnerability in the fmt_entry function. (bsc#1046853)

Bugfixes:
- Drop patch ncurses-5.9-environment.dif as YaST2 ncurses GUI does
  not need it anymore and as well as it causes bug bsc#1000662 
</description>
  <summary>Recommended update for ncurses</summary>
</patchinfo>

Places

File _patchinfo of Package patchinfo.3474

Places