-
ncurses (6.2-0ubuntu2.1) focal-security; urgency=medium
* SECURITY UPDATE: heap buffer overflow in the _nc_captoinfo function
- debian/patches/CVE-2021-39537.patch: add a check for end-of-string in
cvtchar to handle a malformed string in infotocap.
- CVE-2021-39537
* SECURITY UPDATE: out-of-bounds read in the convert_strings function
- debian/patches/CVE-2022-29458.patch:add a limit-check to guard against
corrupt terminfo data.
- CVE-2022-29458
* SECURITY UPDATE: memory corruption when processing malformed terminfo data
entries loaded by setuid/setgid programs
- debian/patches/CVE-2023-29491-mitigation.patch: change the
--disable-root-environ configure option behavior.
- debian/rules: set --disable-root-environ in configuration options.
- debian/libtinfo5.symbols, debian/libtinfo6.symbols: add _nc_env_access
to symbols files.
- CVE-2023-29491
* debian/patches/fix-off-by-one-loop-convert-strings.patch: correct an
off-by-one loop-limit in convert_strings function.
-- Camila Camargo de Matos <email address hidden> Tue, 16 May 2023 15:47:48 -0300
-
ncurses (6.2-0ubuntu2) focal; urgency=medium
* New upstream version.
-- Matthias Klose <email address hidden> Wed, 26 Feb 2020 08:14:26 +0100
-
ncurses (6.2-0ubuntu1) focal; urgency=medium
* New upstream version.
-- Matthias Klose <email address hidden> Wed, 26 Feb 2020 08:14:26 +0100
-
ncurses (6.1+20191019-1ubuntu1) focal; urgency=low
* Merge from Debian unstable. Remaining changes:
- Add a simple autopkgtest to the package.
- Build x32 packages.
- Build lib32 packages on s390x.
ncurses (6.1+20191019-1) unstable; urgency=medium
* New upstream patchlevel.
- Fix several errata in tic (Closes: #942401).
+ Check for invalid hashcode in _nc_find_type_entry
and nc_find_name_entry (CVE-2019-17594).
+ Check for invalid hashcode in _nc_find_entry.
+ Check for missing character after backslash in fmt_entry
(CVE-2019-17595).
* Refresh patch 03-debian-ncursesconfig-omit-L.diff.
* Support additional build profiles:
- Skip building ABI 5 libraries in a pkg.ncurses.nolegacy build profile.
- Skip building the examples in a pkg.ncurses.noexamples build profile.
- Do not build libtinfo6-udeb in the noudeb build profile.
* Add a "Replaces: alacritty (<< 0.3.4~)" to ncurses-term
(Closes: #933386).
* Add a Salsa CI pipeline in debian/gitlab-ci.yml.
* Export BUILD_{C,CPP,LD}FLAGS in debian/rules, making blhc happy.
* Upgrade Standards-Version to 4.4.1, no changes needed.
-- Gianfranco Costamagna <email address hidden> Sat, 26 Oct 2019 10:24:28 +0200
-
ncurses (6.1+20190803-1ubuntu1) eoan; urgency=low
* Merge from Debian unstable. Remaining changes:
- Add a simple autopkgtest to the package.
- Build x32 packages.
- Build lib32 packages on s390x.
ncurses (6.1+20190803-1) unstable; urgency=medium
* New upstream patchlevel.
- Amend the change to screen, because tmux relies upon that entry
and does not support that feature (Closes: #933572).
* New patch 02-debian-drop-rin-from-screen-256color.diff: remove "rin"
also from screen-256color, used by some tmux users as their $TERM.
* Drop patch fix-tabs-manpage-installation.diff, applied upstream.
* Refresh patch 02-debian-backspace.diff after upstream changes to
the screen terminfo description.
-- Gianfranco Costamagna <email address hidden> Fri, 09 Aug 2019 12:18:58 +0200