File _patchinfo of Package patchinfo.6977
<patchinfo incident="6977">
<issue id="1000662" tracker="bnc">L3: Columns variable not working in cron jobs anymore</issue>
<issue id="1046853" tracker="bnc">VUL-0: CVE-2017-10685: ncurses: possible RCE with format string vulnerability in the fmt_entry function</issue>
<issue id="1046858" tracker="bnc">VUL-0: CVE-2017-10684: ncurses: possible RCE via stack-based buffer overflow in the fmt_entry function</issue>
<issue id="2017-10685" tracker="cve" />
<issue id="2017-10684" tracker="cve" />
<category>security</category>
<rating>important</rating>
<packager>WernerFink</packager>
<description>This update for ncurses fixes the following issues:
Security issues fixed:
- CVE-2017-10684: Possible RCE via stack-based buffer overflow in the fmt_entry function. (bsc#1046858)
- CVE-2017-10685: Possible RCE with format string vulnerability in the fmt_entry function. (bsc#1046853)
Bugfixes:
- Drop patch ncurses-5.9-environment.dif as YaST2 ncurses GUI does
not need it anymore and as well as it causes bug bsc#1000662
This update was imported from the SUSE:SLE-12:Update update project.</description>
<summary>Recommended update for ncurses</summary>
</patchinfo>