Source: ncurses
Version: 6.1+20190803-1
Severity: important
Tags: security upstream

Hi,

The following vulnerabilities were published for ncurses.

CVE-2019-17594[0]:
| There is a heap-based buffer over-read in the _nc_find_entry function
| in tinfo/comp_hash.c in the terminfo library in ncurses before
| 6.1-20191012.

CVE-2019-17595[1]:
| There is a heap-based buffer over-read in the fmt_entry function in
| tinfo/comp_hash.c in the terminfo library in ncurses before
| 6.1-20191012.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-17594
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17594
    https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html
[1] https://security-tracker.debian.org/tracker/CVE-2019-17595
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17595
    https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore