Summary: | <sys-libs/ncurses-6.2: multiple vulnerabilities (CVE-2019-{17594,17595}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | lperkins |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | ajak, base-system, lperkins |
Priority: | Normal | Keywords: | CC-ARCHES |
Version: | unspecified | Flags: | nattka:
sanity-check+
|
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | A3 [glsa+ cve] | ||
Package list: |
=sys-libs/ncurses-6.2-r1
|
Runtime testing required: | --- |
Description
lperkins
2019-10-21 17:15:36 UTC
There is an additional bug CVE-2019-17594: "There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012." @maintainer(s), please advise if ready for stabilisation, or call yourself amd64 stable ppc stable s390 stable sparc stable arm stable ppc64 stable hppa stable x86 stable arm64 stable ---- @maintainer(s), please cleanup Tree is clean: commit 141f394e8b1f274d1f14cc60d3370ed50345fe25 Author: Lars Wendler <polynomial-c@gentoo.org> Date: Tue Jul 14 12:49:10 2020 +0200 sys-libs/ncurses: Removed old Package-Manager: Portage-2.3.103, Repoman-2.3.23 Signed-off-by: Lars Wendler <polynomial-c@gentoo.org> delete mode 100644 sys-libs/ncurses/ncurses-6.1_p20181020.ebuild delete mode 100644 sys-libs/ncurses/ncurses-6.1_p20190609.ebuild This issue was resolved and addressed in GLSA 202101-28 at https://security.gentoo.org/glsa/202101-28 by GLSA coordinator Sam James (sam_c). |