[SECURITY] [DLA 3167-1] ncurses security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 3167-1] ncurses security update
From: Thorsten Alteholz <debian@alteholz.de>
Date: Sat, 29 Oct 2022 08:51:46 +0000 (UTC)
Message-id: <[🔎] alpine.DEB.2.21.2210290848420.5044@postfach.intern.alteholz.me>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3167-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
October 29, 2022                              https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : ncurses
Version        : 6.1+20181013-2+deb10u3
CVE ID         : CVE-2022-29458

An issue has been found in ncurses, a collection of shared libraries forterminal handling.This issue is about an out-of-bounds read in convert_strings in theterminfo library.



For Debian 10 buster, this problem has been fixed in version
6.1+20181013-2+deb10u3.

We recommend that you upgrade your ncurses packages.

For the detailed security status of ncurses please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ncurses

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LT
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmNc6aJfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEfTHw//XBemmIvDLVAQ2XGTSRfMTRL6uF34yQoEU6sloyr/fzjYImkMGS15rMKl
ROcTIpmJzckvdSrlC5ryKACinYLd+ztROrkQWbEo1IaqDIomxdnIF6q3zEC4eL3Y
nbXyFfRfI4xd/f8CRrFR/aQoXRCBn+fFSdxoSLGUfw/zRE2MEnBCt4Y/kMeeS05p
KhRz/YeMA+klRpe6sv4uLwk8F4xaCNWxUqHLTbShhGVc8pHooMDgOIsD7h8OdXbr
3/N/DL/WgEsd90tLPPYhZof0ojY80hjpEysryGMEy4Ybr5jwN6xDRbM965UmVLGP
BmnK4S+C65/7c9LUTBAK1+i6HsvBR/5NgP7OTC47y13TSnM3SQP+ZVGO0BQcrHDA
ylamP4uAtGDhXuuIpE4mNKlI0oANsayu427n6JcOkqGBdgnnkSjqZvvZDrAlS04j
gG0AAMnn1O/W8ZDTVo/Nugx0/fAlqPabae3ndkDzS/jXaxQqTF8SVoHPARiWBeVu
lPCOVUFnHmMIWKUArEJctXa3SbOEF72oM+ogbfQHV7ZTZudeAXooE9Uko5cTE7Ol
XJIdEzOzU23u4WCmEo3oUvcAHiYDLA9pbDEPs9gHkYXmQhA08teLvzQRw/7rw3DF
cwTvnTeGtqFXJL7GI0ZEGlIg4IxggT7YQAJZ7z84YlKJtV45eMM=
=HgrA
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 3168-1] openvswitch security update
Next by Date: [SECURITY] [DLA 3169-1] batik security update
Previous by thread: [SECURITY] [DLA 3168-1] openvswitch security update
Next by thread: [SECURITY] [DLA 3169-1] batik security update
Index(es):
- Date
- Thread