mirror of
https://git.yoctoproject.org/poky
synced 2026-03-12 10:19:44 +01:00
455877548e
There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack. There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack. There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack. There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. It will lead to a remote denial of service attack. There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. A crafted input will lead to a remote denial of service attack. There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack. References: https://nvd.nist.gov/vuln/detail/CVE-2017-13734 https://nvd.nist.gov/vuln/detail/CVE-2017-13732 https://nvd.nist.gov/vuln/detail/CVE-2017-13731 https://nvd.nist.gov/vuln/detail/CVE-2017-13730 https://nvd.nist.gov/vuln/detail/CVE-2017-13729 https://nvd.nist.gov/vuln/detail/CVE-2017-13728 Upstream patch: https://anonscm.debian.org/cgit/collab-maint/ncurses.git/commit/?id=129aac80802d997b86ab0663836b7fdafb8e3926 (From OE-Core rev: 52d0f351062da730055ffc6b953ff4e68ddb437f) Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>