Control: tags -1 + confirmed

On Wed, 2023-02-08 at 20:30 +0100, Sven Joachim wrote:
> I would like to fix two crash bugs in tic(1) & friends for Bullseye.
> There have been various similar issues in the previous years which we
> usually fixed in point releases.
>
> [ Reason ]
> 1. Bug #10098701[1] aka CVE-2022-29458[2]
> 2. Bug #1029399[3]
>
> [ Impact ]
> 1. Out-of-bounds read in the tinfo library could lead to crashes and
>    potential code execution on crafted input. This usually requires
>    the victim's assistance.
>
> 2. Stack buffer overflow can lead to a crash in tic on crafted input.
>    This usually requires the victim's assistance.
>

Please go ahead.

Regards,

Adam