Candidate: CVE-2017-16879
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16879
http://invisible-island.net/ncurses/NEWS.html#t20171125
http://packetstormsecurity.com/files/145045/GNU-ncurses-6.0-tic-Denial-Of-Service.html
Stack-based buffer overflow in the _nc_write_entry function in
tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of
service (application crash) or possibly execute arbitrary code via a
crafted terminfo file, as demonstrated by tic.
sarnold> The Debian bug suggests tic(1) is the only caller, in which case
this would be a 'low' bug; I couldn't quickly verify this claim.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882620
upstream_ncurses: released (6.0+20171125-1)
precise/esm_ncurses: needs-triage
trusty_ncurses: needs-triage
xenial_ncurses: needs-triage
zesty_ncurses: ignored (reached end-of-life)
artful_ncurses: needs-triage
bionic_ncurses: needs-triage
devel_ncurses: needs-triage