File _patchinfo of Package patchinfo.5166

Overview Repositories Revisions Requests Users Attributes Meta

File _patchinfo of Package patchinfo.5166

<patchinfo incident="5166">
  <issue id="1046853" tracker="bnc">VUL-0: CVE-2017-10685: ncurses: possible RCE with format string vulnerability in the fmt_entry function</issue>
  <issue id="1046858" tracker="bnc">VUL-0: CVE-2017-10684: ncurses: possible RCE via stack-based buffer overflow in the fmt_entry function</issue>
  <issue id="1049344" tracker="bnc">ncurses: terminfo-base: Wrong  file format /etc/termcap</issue>
  <issue id="1047964" tracker="bnc">VUL-0: CVE-2017-11112: ncurses: Illegal address access in append_acs</issue>
  <issue id="1047965" tracker="bnc">VUL-0: CVE-2017-11113: ncurses: Dereferencing NULL pointer in _nc_parse_entry</issue>
  <issue id="2017-10684" tracker="cve" />
  <issue id="2017-10685" tracker="cve" />
  <issue id="2017-11112" tracker="cve" />
  <issue id="2017-11113" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>WernerFink</packager>
  <description>This update for ncurses fixes the following issues:

Security issues fixed:
- CVE-2017-11112: Illegal address access in append_acs. (bsc#1047964)
- CVE-2017-11113: Dereferencing NULL pointer in _nc_parse_entry. (bsc#1047965)
- CVE-2017-10684, CVE-2017-10685: Add modified upstream fix from ncurses 6.0 to avoid broken
  termcap format (bsc#1046853, bsc#1046858, bsc#1049344)

</description>
  <summary>Security update for ncurses</summary>
</patchinfo>

Places

File _patchinfo of Package patchinfo.5166

Places