[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ncurses patch?

From: Thomas Dickey
Subject: Re: ncurses patch?
Date: Thu, 30 Nov 2000 19:52:58 -0500
User-agent: Mutt/1.2.5i

On Thu, Nov 30, 2000 at 04:41:45PM -0800, Eugene Lee wrote:
> >From the latest SANS announcment (Security Alert Consensus #073),
> there was something about ncurses:
>       *** {00.49.006} Linux - Update {00.45.041}: ncurses library buffer
>                       overflows
>       Debian and Red Hat have released updated ncurses packages that fix the
>       vulnerability discussed in {00.45.041} ("ncurses library buffer
>       overflows").
> Do these patches affect ncurses 5.2?  Will patches be available?
> Or are these problems Linux-specific?

Debian's patch:  I was just looking at it tonight - it isn't as good as what I
did incorporate into 5.2 (at the time I saw those differences I did point out
why they weren't acceptable, but got no response).  They're patching 5.0, which
complicates things, but someone at FreeBSD did ask me nicely and I put together
a patch for 5.0 a few weeks ago (that's a better starting point).

Redhat prefers to put their source where I cannot find it, so I can't comment
on what they've got.

Thomas E. Dickey <address@hidden>

reply via email to

[Prev in Thread] Current Thread [Next in Thread]