Hi Sven,

On Tue, Oct 15, 2019 at 10:15:53PM +0200, Sven Joachim wrote:
> Control: found -1 5.9-10
>
> On 2019-10-15 20:54 +0200, Salvatore Bonaccorso wrote:
>
> > Source: ncurses
> > Version: 6.1+20190803-1
> > Severity: important
> > Tags: security upstream
> >
> > The following vulnerabilities were published for ncurses.
> >
> > CVE-2019-17594[0]:
> > | There is a heap-based buffer over-read in the _nc_find_entry function
> > | in tinfo/comp_hash.c in the terminfo library in ncurses before
> > | 6.1-20191012.
> >
> >
> > CVE-2019-17595[1]:
> > | There is a heap-based buffer over-read in the fmt_entry function in
> > | tinfo/comp_hash.c in the terminfo library in ncurses before
> > | 6.1-20191012.
> >
> > Please adjust the affected versions in the BTS as needed.
>
> Marking the bugs as found in the Wheezy version of ncurses, but I think
> they have actually been around for much longer.

Thanks. For completeness: issues were marked no-dsa as well.

Regards,
Salvatore