Your message dated Mon, 17 Nov 2025 18:26:20 +0000
with message-id <[email protected]>
and subject line Bug#1107937: fixed in ncurses 6.5+20251115-1
has caused the Debian Bug report #1107937,
regarding ncurses: CVE-2025-6141
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1107937: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107937
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: ncurses
Version: 6.5+20250216-2
Severity: important
Tags: security upstream
Forwarded: https://lists.gnu.org/archive/html/bug-ncurses/2025-03/msg00107.html
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for ncurses.

CVE-2025-6141[0]:
| A vulnerability has been found in GNU ncurses up to 6.5-20250322 and
| classified as problematic. This vulnerability affects the function
| postprocess_termcap of the file tinfo/parse_entry.c. The
| manipulation leads to stack-based buffer overflow. The attack needs
| to be approached locally. Upgrading to version 6.5-20250329 is able
| to address this issue. It is recommended to upgrade the affected
| component.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-6141
    https://www.cve.org/CVERecord?id=CVE-2025-6141
[1] https://lists.gnu.org/archive/html/bug-ncurses/2025-03/msg00107.html
[2] https://lists.gnu.org/archive/html/bug-ncurses/2025-03/msg00109.html
[3] https://invisible-island.net/ncurses/NEWS.html#index-t20250329

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: ncurses
Source-Version: 6.5+20251115-1
Done: Sven Joachim <[email protected]>

We believe that the bug you reported is fixed in the latest version of
ncurses, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sven Joachim <[email protected]> (supplier of updated ncurses package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 17 Nov 2025 18:46:28 +0100
Source: ncurses
Architecture: source
Version: 6.5+20251115-1
Distribution: experimental
Urgency: low
Maintainer: Ncurses Maintainers <[email protected]>
Changed-By: Sven Joachim <[email protected]>
Closes: 1096164 1107937
Changes:
 ncurses (6.5+20251115-1) experimental; urgency=low
 .
   * New upstream patchlevel.
     - Add a buffer-limit check in postprocess_termcap (report/testcase
       by Yifan Zhang (CVE-2025-6141, Closes: #1107937)).
     - Formatting improvements for terminfo.5 (Closes: #1096164).
   * Refresh patch 02-debian-backspace.diff.
   * Drop the redundant Rules-Requires-Root field from debian/control.

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----


--- End Message ---
