Control: found -1 5.9-10 On 2019-10-15 20:54 +0200, Salvatore Bonaccorso wrote:
> Source: ncurses > Version: 6.1+20190803-1 > Severity: important > Tags: security upstream > > The following vulnerabilities were published for ncurses. > > CVE-2019-17594[0]: > | There is a heap-based buffer over-read in the _nc_find_entry function > | in tinfo/comp_hash.c in the terminfo library in ncurses before > | 6.1-20191012. > > > CVE-2019-17595[1]: > | There is a heap-based buffer over-read in the fmt_entry function in > | tinfo/comp_hash.c in the terminfo library in ncurses before > | 6.1-20191012. > > Please adjust the affected versions in the BTS as needed. Marking the bugs as found in the Wheezy version of ncurses, but I think they have actually been around for much longer. Cheers, Sven