Your message dated Thu, 23 Feb 2023 21:17:09 +0000
with message-id <e1pvixh-0030dw...@fasolo.debian.org>
and subject line Bug#1009870: fixed in ncurses 6.2+20201114-2+deb11u1
has caused the Debian Bug report #1009870,
regarding ncurses: CVE-2022-29458
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1009870: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009870
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: ncurses
Version: 6.3-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for ncurses.

CVE-2022-29458[0]:
| ncurses 6.3 before patch 20220416 has an out-of-bounds read and
| segmentation violation in convert_strings in tinfo/read_entry.c in the
| terminfo library.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-29458
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29458
[1] https://invisible-island.net/ncurses/NEWS.html#t20220416

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: ncurses
Source-Version: 6.2+20201114-2+deb11u1
Done: Sven Joachim <svenj...@gmx.de>

We believe that the bug you reported is fixed in the latest version of
ncurses, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1009...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sven Joachim <svenj...@gmx.de> (supplier of updated ncurses package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 08 Feb 2023 20:16:03 +0100
Source: ncurses
Architecture: source
Version: 6.2+20201114-2+deb11u1
Distribution: bullseye
Urgency: medium
Maintainer: Craig Small <csm...@debian.org>
Changed-By: Sven Joachim <svenj...@gmx.de>
Closes: 1009870 1029399
Changes:
 ncurses (6.2+20201114-2+deb11u1) bullseye; urgency=medium
 .
   * New patch CVE-2022-29458.diff: add a limit-check to guard against
     corrupt terminfo data (report/testcase by NCNIPC of China,
     CVE-2022-29458), fix backported from the 20220416 upstream patchlevel
     (Closes: #1009870).  Thanks to Thorsten Alteholz for the patch.
   * New patch fix_crash_on_very_long_tc-use_clause.diff, cherry-picked
     from the 20230121 patchlevel: correct limit-check when dumping tc/use
     clause via tic -I (report by Gabriel Ravier, Closes: #1029399).
   * Use bullseye as the release in the Salsa CI pipeline.
   * Add a lintian override for source-is-missing in the Ada documentation
     (see #1019980).

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---