GNU bug report logs - #27619
[PATCH] gnu: ncurses: Fix CVE-2017-10684 and CVE-2017-10685.

Previous Next

Package: guix-patches;

Reported by: Leo Famulari <leo <at> famulari.name>

Date: Sat, 8 Jul 2017 15:13:02 UTC

Severity: normal

Tags: patch

Done: Leo Famulari <leo <at> famulari.name>

Bug is archived. No further changes may be made.

Full log

Message #14 received at 27619 <at> debbugs.gnu.org (full text, mbox):

From: ludo <at> gnu.org (Ludovic Courtès)
To: Leo Famulari <leo <at> famulari.name>
Cc: 27619 <at> debbugs.gnu.org
Subject: Re: [bug#27619] ncurses patch releases
Date: Mon, 10 Jul 2017 12:30:54 +0200

Leo Famulari <leo <at> famulari.name> skribis:

> According to this message on bug-ncurses, the fixes could be incomplete,
> although I doubt that person is using the exact same subset of the
> upstream patch as the one I am proposing:
>
> https://lists.gnu.org/archive/html/bug-ncurses/2017-07/msg00008.html
>
> On the general subject of ncurses bugs, the ncurses author issues patch
> releases for ncurses frequently:
>
> ftp://invisible-island.net/ncurses/6.0/
>
> I didn't know that and I haven't read the changelogs to see if there are
> other very important fixes for us to use.

Indeed, it might be best to regularly upgrade from there.

BTW, what should we do in ‘core-updates’?  I would suggest at least
applying the patch you sent, and maybe upgrading to one of the releases
above, though I haven’t checked what fixes they contain.

Thanks,
Ludo’.

This bug report was last modified 7 years and 320 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #27619 [PATCH] gnu: ncurses: Fix CVE-2017-10684 and CVE-2017-10685.

GNU bug report logs - #27619
[PATCH] gnu: ncurses: Fix CVE-2017-10684 and CVE-2017-10685.