[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: ncurses patch?
From: |
Thomas Dickey |
Subject: |
Re: ncurses patch? |
Date: |
Thu, 30 Nov 2000 19:52:58 -0500 |
User-agent: |
Mutt/1.2.5i |
On Thu, Nov 30, 2000 at 04:41:45PM -0800, Eugene Lee wrote:
> >From the latest SANS announcment (Security Alert Consensus #073),
> there was something about ncurses:
>
> *** {00.49.006} Linux - Update {00.45.041}: ncurses library buffer
> overflows
>
> Debian and Red Hat have released updated ncurses packages that fix the
> vulnerability discussed in {00.45.041} ("ncurses library buffer
> overflows").
>
> Do these patches affect ncurses 5.2? Will patches be available?
> Or are these problems Linux-specific?
Debian's patch: I was just looking at it tonight - it isn't as good as what I
did incorporate into 5.2 (at the time I saw those differences I did point out
why they weren't acceptable, but got no response). They're patching 5.0, which
complicates things, but someone at FreeBSD did ask me nicely and I put together
a patch for 5.0 a few weeks ago (that's a better starting point).
Redhat prefers to put their source where I cannot find it, so I can't comment
on what they've got.
--
Thomas E. Dickey <address@hidden>
http://dickey.his.com
ftp://dickey.his.com
- ncurses patch?, Eugene Lee, 2000/11/30
- Re: ncurses patch?,
Thomas Dickey <=