Control: tag -1 moreinfo

On Sun, Jul 9, 2017 at 19:30:55 +0200, Sven Joachim wrote:
> Package: release.debian.org
> Severity: normal
> Tags: stretch
> User: release.debian....@packages.debian.org
> Usertags: pu
>
> Recently a few flaws in the tic program and the tic library have been
> detected: null pointer dereference, buffer overflow, stack smashing, you
> name it. Six bugs have been reported in the Red Hat bugtracker and four
> CVEs assigned. Fortunately there are rather few users who would run
> affected programs at all, so it was decided that no DSA would be
> necessary.
>

Hi Sven,

Do you know what the reverse dependencies of the tic program or library
are in Debian, and whether any of them commonly process untrusted
terminfo data (though I know that's not an easy thing to paint as
black/white)?

Thanks,
Julien