Control: clone -1 -2
Control: retitle -2 ncurses: CVE-2017-13733

On 2017-08-30 15:49 +0200, Raphael Hertzog wrote:

> Source: ncurses
> X-Debbugs-CC: t...@security.debian.org 
> secure-testing-t...@lists.alioth.debian.org
> Severity: important
> Tags: security
>
> Hi,
>
> the following vulnerabilities were published for ncurses.
>
> CVE-2017-13728[0]:
> | There is an infinite loop in the next_char function in comp_scan.c in
> | ncurses 6.0, related to libtic. A crafted input will lead to a remote
> | denial of service attack.
>
> CVE-2017-13729[1]:
> | There is an illegal address access in the _nc_save_str function in
> | alloc_entry.c in ncurses 6.0. It will lead to a remote denial of
> | service attack.
>
> CVE-2017-13730[2]:
> | There is an illegal address access in the function
> | _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead
> | to a remote denial of service attack.
>
> CVE-2017-13731[3]:
> | There is an illegal address access in the function
> | postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to
> | a remote denial of service attack.
>
> CVE-2017-13732[4]:
> | There is an illegal address access in the function dump_uses() in
> | progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of
> | service attack.
>
> CVE-2017-13733[5]:
> | There is an illegal address access in the fmt_entry function in
> | progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of
> | service attack.
>
> CVE-2017-13734[6]:
> | There is an illegal address access in the _nc_safe_strcat function in
> | strings.c in ncurses 6.0 that will lead to a remote denial of service
> | attack.

All but CVE-2017-13733 have been fixed in the latest upstream patchlevel
for which I have already prepared a release. Cloning the bug to track
that one separately.

> If you fix the vulnerabilities please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

Already done[1].

Cheers,
       Sven


1. https://anonscm.debian.org/cgit/collab-maint/ncurses.git/commit/?id=45ee200645d5f299be580db4aeb2a4b5c817301a
