[Bug 1637239] Re: Please merge ncurses 6.0+20161126-1 (main) from Debian unstable (main)
This bug was fixed in the package ncurses - 6.0+20171125-1ubuntu1 --- ncurses (6.0+20171125-1ubuntu1) bionic; urgency=low * Merge from Debian unstable (LP: #1637239). Remaining changes: - Add a simple autopkgtest to the package. - Build x32 packages. - Build lib32 packages on s390x. * Fix typo in libx32 package descriptions ncurses (6.0+20171125-1) unstable; urgency=medium * New upstream patchlevel. - Modify _nc_write_entry() to truncate too-long filename (report by Hosein Askari (CVE-2017-16879), Closes: #882620). * Change priority of the -dbg packages and the udeb to optional. * Delete trailing whitespace in debian/changelog. * Bump debhelper compatibility level to 10. * Switch from dh_autotools-dev_updateconfig to dh_update_autotools_config and drop the explicit autotools-dev build dependency. * Drop dpkg-dev build dependency, already fulfilled in oldstable. * Do not require (fake)root for building the packages. * Configure the test programs with --with-x11-rgb=/etc/X11/rgb.txt. ncurses (6.0+20170902-1) unstable; urgency=medium * New upstream patchlevel. - Modify check in fmt_entry() to handle a cancelled reset string (CVE-2017-13733, Closes: #873746). ncurses (6.0+20170827-1) unstable; urgency=medium * New upstream patchlevel. - Add/improve checks in tic's parser to address invalid input (Closes: #873723). + Add a check in comp_scan.c to handle the special case where a nontext file ending with a NUL rather than newline is given to tic as input (CVE-2017-13728). + Allow for cancelled capabilities in _nc_save_str (CVE-2017-13729). + Add validity checks for "use=" target in _nc_parse_entry (CVE-2017-13730). + Check for invalid strings in postprocess_termcap (CVE-2017-13731). + Reset secondary pointers on EOF in next_char() (CVE-2017-13732). + Guard _nc_safe_strcpy() and _nc_safe_strcat() against calls using cancelled strings (CVE-2017-13734). - Add usage message to clear command (Closes: #371855). * Configure the test programs with --datadir=/usr/share/ncurses-examples. * Look for tarballs on ftp.invisible-island.net in the watch files. ncurses (6.0+20170715-2) unstable; urgency=medium * Bump the minimal version of _nc_read_entry to 6.0+20170715 for partial upgrades from testing. ncurses (6.0+20170715-1) unstable; urgency=medium * New upstream patchlevel. - Bring back the _nc_read_entry symbol in libtinfo5 (Closes: #868328), drop the _nc_read_entry2 symbol which should not have been added. - Repair termcap-format from tic/infocmp broken in 20170701 fixes (Closes: #868266). ncurses (6.0+20170708-1) unstable; urgency=high * New upstream patchlevel. - Correct a limit-check in fixes from CVE-2017-10684 (report by Sven Joachim). * Amend the previous Debian changelog entry with CVE references. ncurses (6.0+20170701-1) unstable; urgency=low * New upstream patchlevel. - Add/improve checks in tic's parser to address invalid input (Redhat #1464684, #1464685, #1464686, #1464691). + alloc_entry.c, add a check for a null-pointer (CVE-2017-3). + parse_entry.c, add several checks for valid pointers (CVE-2017-2), as well as one check to ensure that a single character on a line is not treated as the 2-character termcap short-name. - Fix a problem with buffer overflow in dump_entry.c, which is addressed by reducing the use of a fixed-size buffer (CVE-2017-16084, CVE-2017-10685). * Refresh Debian patches. * Update symbols files. - Add new symbol _nc_read_entry2. - Drop wo unused symbols obsoleted in 2004: _nc_check_termtype and _nc_resolve_uses. * Blacklist dvtm and dvtm-256color terminfo entries which are shipped in the dvtm package (Closes: #863969). * Mark ncurses-doc as Multi-Arch: foreign. ncurses (6.0+20170408-1) experimental; urgency=low * New upstream patchlevel. - Fix a memory leak in the window-list when creating multiple screens (reports by Andres Martinelli, Closes: #783486). * Provide a curses(3) symlink to ncurses (Closes: #859293). * Set LD_LIBRARY_PATH when building the test programs, fixes an impending FTBFS when we switch to libncursesw6 from libncursesw5. * Update years in debian/copyright. * Change priority of libncurses5 to optional (see #852002). ncurses (6.0+20161126-1) unstable; urgency=low * New upstream patchlevel. - Omit selection of ISO-8859-1 for G0 in enacs capability from linux2.6 entry, to avoid conflict with the user-defined mapping (Closes: #830694). * Update symbols files for new symbol unfocus_current_field. ncurses (6.0+20160917-1) unstable; urgency=medium * New upstream patchlevel. - Fix typo in 20160910 changes (Closes: #837892, patch by Sven Joachim). ncurses (6.0+20160910-1) unstable; urgency=low * New upstream patchlevel.
[Bug 1637239] Re: Please merge ncurses 6.0+20161126-1 (main) from Debian unstable (main)
Given that this is Fix Committed I'm unsubscibing the ubuntu-sponsors team. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1637239 Title: Please merge ncurses 6.0+20161126-1 (main) from Debian unstable (main) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ncurses/+bug/1637239/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1637239] Re: Please merge ncurses 6.0+20161126-1 (main) from Debian unstable (main)
Uploaded the latest and greatest last week: ncurses (6.0+20171125-1ubuntu1) bionic; urgency=low * Merge from Debian unstable (LP: #1637239). Remaining changes: - Add a simple autopkgtest to the package. - Build x32 packages. - Build lib32 packages on s390x. * Fix typo in libx32 package descriptions -- Julian Andres KlodeThu, 11 Jan 2018 20:51:25 +0100 ** Changed in: ncurses (Ubuntu) Status: Confirmed => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1637239 Title: Please merge ncurses 6.0+20161126-1 (main) from Debian unstable (main) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ncurses/+bug/1637239/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1637239] Re: Please merge ncurses 6.0+20161126-1 (main) from Debian unstable (main)
(in any case, we're already in Feature Freeze, so unless an exception is given (in which case I'll gladly upload it), it's too late to go in Artful) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1637239 Title: Please merge ncurses 6.0+20161126-1 (main) from Debian unstable (main) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ncurses/+bug/1637239/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1637239] Re: Please merge ncurses 6.0+20161126-1 (main) from Debian unstable (main)
Oh, I apparently don't know how to read... Thanks Mattia! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1637239 Title: Please merge ncurses 6.0+20161126-1 (main) from Debian unstable (main) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ncurses/+bug/1637239/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1637239] Re: Please merge ncurses 6.0+20161126-1 (main) from Debian unstable (main)
@tsimonq2 where/when? I still see 6.0+20160625-1ubuntu1 in artful. Subscribing ubuntu-sponsors again. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1637239 Title: Please merge ncurses 6.0+20161126-1 (main) from Debian unstable (main) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ncurses/+bug/1637239/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1637239] Re: Please merge ncurses 6.0+20161126-1 (main) from Debian unstable (main)
Unsubscribing ~ubuntu-sponsors as this has been uploaded already. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1637239 Title: Please merge ncurses 6.0+20161126-1 (main) from Debian unstable (main) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ncurses/+bug/1637239/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1637239] Re: Please merge ncurses 6.0+20161126-1 (main) from Debian unstable (main)
Hi, came across this issue. Now that 17.04 is out, are there any more blockers from landing this in artful? (Just curious) ** Tags added: needs-debian-merge -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1637239 Title: Please merge ncurses 6.0+20161126-1 (main) from Debian unstable (main) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ncurses/+bug/1637239/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1637239] Re: Please merge ncurses 6.0+20161126-1 (main) from Debian unstable (main)
The debdiff looks good, but have reviewed the upstream delta and agreed with Tiago that this should wait until after the zesty release. Unsubscribing sponsors. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1637239 Title: Please merge ncurses 6.0+20161126-1 (main) from Debian unstable (main) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ncurses/+bug/1637239/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs