On Sat, Aug 28, 2021 at 04:16:11PM -0400, Thomas Dickey wrote:
> On Sat, Aug 28, 2021 at 03:47:37PM +0200, Christian Göttsche wrote:
> > On Sat, 28 Aug 2021 at 15:27, Thomas Dickey wrote:
> > >
> > > sure - they're conditioned on a nonstandard extension to C.
> > > Debian can provide some patch wh
On Sat, Aug 28, 2021 at 03:47:37PM +0200, Christian Göttsche wrote:
> On Sat, 28 Aug 2021 at 15:27, Thomas Dickey wrote:
> >
> > sure - they're conditioned on a nonstandard extension to C.
> > Debian can provide some patch which hardcodes that condition,
> > but as I recall it, there's no clean wa
On Sat, 28 Aug 2021 at 15:27, Thomas Dickey wrote:
>
> sure - they're conditioned on a nonstandard extension to C.
> Debian can provide some patch which hardcodes that condition,
> but as I recall it, there's no clean way to provide this in
> standard C.
>
Yes, these function attributes are GNU e
Source: ncurses
Version: 6.2+20201114-4
Tags: security
The interface functions mvprintw(3), mvwprintw(3), printw(3),
wprintw(3) and _tracef(3) take a format string as input.
Format string are prone for attacks[1].
To mitigate those modern compilers support format string
attributes[2,3] to warn at
On Sat, Aug 28, 2021 at 02:38:27PM +0200, Christian Göttsche wrote:
> Source: ncurses
> Version: 6.2+20201114-4
> Tags: security
>
> The interface functions mvprintw(3), mvwprintw(3), printw(3),
> wprintw(3) and _tracef(3) take a format string as input.
> Format string are prone for attacks[1].
>
5 matches
Mail list logo
