Hi Sven
On Wed, Sep 06, 2017 at 06:52:36PM +0200, Sven Joachim wrote:
> On 2017-07-19 20:30 +0200, Sven Joachim wrote:
>
> > Control: tags -1 - moreinfo
> >
> > On 2017-07-15 12:50 +0200, Sven Joachim wrote:
> >
> >> Control: tags -1 - confirmed
> >> Control: tags -1 + moreinfo
> >>
> >> On 2017-07-15 11:04 +0100, Adam D. Barratt wrote:
> >>
> >>> Control: tags -1 + confirmed d-i
> >>>
> >>> On Sun, 2017-07-09 at 19:30 +0200, Sven Joachim wrote:
> >>>> Recently a few flaws in the tic program and the tic library have been
> >>>> detected: null pointer dereference, buffer overflow, stack smashing, you
> >>>> name it. Six bugs have been reported in the Red Hat bugtracker and four
> >>>> CVEs assigned. Fortunately there are rather few users who would run
> >>>> affected programs at all, so it was decided that no DSA would be
> >>>> necessary.
> >>
> >> Unfortunately the fixes have caused a regression in infocmp, see
> >> #868266. I expect an upstream fix this night, but to properly test it
> >> and prepare new packages taking a bit more time seems advisable. So I
> >> guess we'll have to defer that for 9.2.
> >
> > The changes from the 20170715 patchlevel were a bit larger than I would
> > have liked, but applied with minimal tweaking to the stretch version.
> > Running "infocmp -C" on all the terminfo files in ncurses-{base,term}
> > showed no difference compared to the infocmp version currently in
> > stretch.
>
> Meanwhile seven new CVEs in the tic library and programs have been
> reported, and I would like to fix those as well, see the attached new
> debdiff. It contains all the library changes from the 20170826 upstream
> patchlevel and the program fixes of the 20170902 patchlevel. I have
> also attached the test cases for the 13 bugs reported in the Red Hat
> bugtracker.
Not a must, and note that this is just a comment on my side, I'm not a SRM:
if possible add a bug closer as well to the changelog entry so that
when the point release happens, the correct fixed version is as well
propagated to the BTS bugs.
Regards,
Salvatore