Source: ncurses
X-Debbugs-CC: t...@security.debian.org secure-testing-t...@lists.alioth.debian.org
Severity: important
Tags: security

Hi,

the following vulnerabilities were published for ncurses.

CVE-2017-13728[0]:
| There is an infinite loop in the next_char function in comp_scan.c in
| ncurses 6.0, related to libtic. A crafted input will lead to a remote
| denial of service attack.

CVE-2017-13729[1]:
| There is an illegal address access in the _nc_save_str function in
| alloc_entry.c in ncurses 6.0. It will lead to a remote denial of
| service attack.

CVE-2017-13730[2]:
| There is an illegal address access in the function
| _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead
| to a remote denial of service attack.

CVE-2017-13731[3]:
| There is an illegal address access in the function
| postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to
| a remote denial of service attack.

CVE-2017-13732[4]:
| There is an illegal address access in the function dump_uses() in
| progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of
| service attack.

CVE-2017-13733[5]:
| There is an illegal address access in the fmt_entry function in
| progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of
| service attack.

CVE-2017-13734[6]:
| There is an illegal address access in the _nc_safe_strcat function in
| strings.c in ncurses 6.0 that will lead to a remote denial of service
| attack.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-13728
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13728
[1] https://security-tracker.debian.org/tracker/CVE-2017-13729
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13729
[2] https://security-tracker.debian.org/tracker/CVE-2017-13730
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13730
[3] https://security-tracker.debian.org/tracker/CVE-2017-13731
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13731
[4] https://security-tracker.debian.org/tracker/CVE-2017-13732
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13732
[5] https://security-tracker.debian.org/tracker/CVE-2017-13733
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13733
[6] https://security-tracker.debian.org/tracker/CVE-2017-13734
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13734

Please adjust the affected versions in the BTS as needed.

Cheers,
--
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: https://www.freexian.com/services/debian-lts.html
Learn to master Debian: https://debian-handbook.info/get/