[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: tic Buffer Overflow
|
From: |
Thomas Dickey |
|
Subject: |
Re: tic Buffer Overflow |
|
Date: |
Thu, 23 Nov 2017 07:37:49 -0500 |
|
User-agent: |
Mutt/1.5.21 (2010-09-15) |
On Thu, Nov 23, 2017 at 12:11:47AM -0500, Hosein Askari wrote:
>
> To whom it may concern,
Just to remind people of longstanding policy:
a) don't send html mail. If it's an attachment viewable in lynx, I'll
piece it together. This report is too badly mangled to make sense of.
Perhaps I can cut/paste from the mailing-list archive.
That was the only reason that I approved this posting.
b) when citing bug reports, report against the development version.
This report cites neither the release version, nor a current development
version:
Stack-based Buffer Overflow #CVE: CVE-2017-16879 #CWE: CWE-119
#Exploit Author: Hosein Askari #Vendor HomePage:
https://www.gnu.org/software/ncurses/ #Version : 6.0.20160213 #Tested
on: Ubuntu 16.04 #Category: Application #Author Mail :
address@hidden #Description: Stack-based buffer overflow in the
c) when reporting against a package done by some distributors, start
by referencing the bug report in that system.
I don't see a bug report cited, nor is there one on "launchpad".
There were several fixes made this year in the area which you are
reporting. If you have a followup report, it will be dealt with.
--
Thomas E. Dickey <address@hidden>
https://invisible-island.net
ftp://ftp.invisible-island.net
signature.asc
Description: Digital signature