Debian Security Advisory

DSA-113-1 ncurses -- buffer overflow

Date Reported:
18 Feb 2002
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2002-0062.
More information:

Several buffer overflows were fixed in the "ncurses" library in November 2000. Unfortunately, one was missed. This can lead to crashes when using ncurses applications in large windows.

The Common Vulnerabilities and Exposures project has assigned the name CAN-2002-0062 to this issue.

This problem has been fixed for the stable release of Debian in version 5.0-6.0potato2. The testing and unstable releases contain ncurses 5.2, which is not affected by this problem.

There are no known exploits for this problem, but we recommend that all users upgrade ncurses immediately.

Fixed in:

Debian GNU/Linux 2.2 (potato)

Architecture-independent component:
Intel ia32:
Motorola 680x0:
Sun Sparc:

MD5 checksums of the listed files are available in the original advisory.