On 2023-02-19 18:52 +0000, Adam D. Barratt wrote:

> Control: tags -1 + confirmed
>
> On Wed, 2023-02-08 at 20:30 +0100, Sven Joachim wrote:
>> I would like to fix two crash bugs in tic(1) & friends for Bullseye.
>> There have been various similar issues in the previous years which we
>> usually fixed in point releases.
>>
>> [ Reason ]
>> 1. Bug #10098701[1] aka CVE-2022-29458[2]
>> 2. Bug #1029399[3]
>>
>> [ Impact ]
>> 1. Out-of-bounds read in the tinfo library could lead to crashes and
>>    potential code execution on crafted input. This usually requires
>>    the victim's assistance.
>>
>> 2. Stack buffer overflow can lead to a crash in tic on crafted input.
>>    This usually requires the victim's assistance.
>>
>
> Please go ahead.

Thanks, uploaded.

Cheers,
Sven