Control: found -1 5.9-10
On 2019-10-15 20:54 +0200, Salvatore Bonaccorso wrote:
> Source: ncurses
> Version: 6.1+20190803-1
> Severity: important
> Tags: security upstream
>
> The following vulnerabilities were published for ncurses.
>
> CVE-2019-17594[0]:
> | There is a heap-based buffer over-read in the _nc_find_entry function
> | in tinfo/comp_hash.c in the terminfo library in ncurses before
> | 6.1-20191012.
>
>
> CVE-2019-17595[1]:
> | There is a heap-based buffer over-read in the fmt_entry function in
> | tinfo/comp_hash.c in the terminfo library in ncurses before
> | 6.1-20191012.
>
> Please adjust the affected versions in the BTS as needed.
Marking the bugs as found in the Wheezy version of ncurses, but I think
they have actually been around for much longer.
Cheers,
Sven
