Date: Mon, 29 Apr 2002 12:46:49 -0400 (EDT) From: Trevor Johnson <trevor@jpj.net> To: security-officer@freebsd.org Cc: security@freebsd.org Subject: Re: [SECURITY] [DSA-113-1] New ncurses packages available (fwd) Message-ID: <20020429123756.O28880-100000@blues.jpj.net> In-Reply-To: <20020228081318.E12519-100000@blues.jpj.net>
next in thread | previous in thread | raw e-mail | index | archive | help
The new ncurses has not yet been imported into FreeBSD. The latest ncurses sources may be obtained by taking a patch from ftp://invisible-island.net/ncurses/5.2/ and applying it to the contents of ftp://invisible-island.net/ncurses/ncurses-5.2.tar.gz . On Thu, 28 Feb 2002, Trevor Johnson wrote: > I notice that advisory FreeBSD-SA-00:68 was last revised in November of > 2000 and that the ncurses in FreeBSD is still at version 5.0 990821. > -- > Trevor Johnson > > ---------- Forwarded message ---------- > Date: Mon, 18 Feb 2002 19:36:38 -0500 > From: Daniel Jacobowitz <dan@debian.org> > Reply-To: security@debian.org > To: debian-security-announce@lists.debian.org > Subject: [SECURITY] [DSA-113-1] New ncurses packages available > Resent-Date: 19 Feb 2002 00:36:44 -0000 > Resent-From: debian-security-announce@lists.debian.org > Resent-cc: recipient list not shown: ; > > -----BEGIN PGP SIGNED MESSAGE----- > > - --------------------------------------------------------------------------- > Debian Security Advisory DSA 113-1 security@debian.org > http://www.debian.org/security/ Daniel Jacobowitz > February 18th, 2002 > - --------------------------------------------------------------------------- > > Package : ncurses > Vulnerability : buffer overflow > Problem-Type : local > Debian-specific: no > > Several buffer overflows were fixed in the "ncurses" library in November > 2000. Unfortunately, one was missed. This can lead to crashes when using > ncurses applications in large windows. > > The Common Vulnerabilities and Exposures project (cve.mitre.org) has > assigned the name CAN-2002-0062 to this issue. > > This problem has been fixed for the stable release of Debian in version > 5.0-6.0potato2. The testing and unstable releases contain ncurses 5.2, > which is not affected by this problem. > > There are no known exploits for this problem, but we recommend that all > users upgrade ncurses immediately. > > > wget url > will fetch the file for you > dpkg -i file.deb > will install the referenced file. > > If you are using the apt-get package manager, use the line for > sources.list as given below: > > apt-get update > will update the internal database > apt-get upgrade > will install corrected packages > > You may use an automated update by adding the resources from the > footer to the proper configuration. > > > Debian GNU/Linux 2.2 alias potato > - ------------------------------------- > > Source archives: > http://security.debian.org/dists/potato/updates/main/source/ncurses_5.0-6.0potato2.diff.gz > MD5 checksum: 2c0c40c35de8b07b7649574ce308611a > http://security.debian.org/dists/potato/updates/main/source/ncurses_5.0-6.0potato2.dsc > MD5 checksum: caf2a7ccfc67675263f55100793f0cad > http://security.debian.org/dists/potato/updates/main/source/ncurses_5.0.orig.tar.gz > MD5 checksum: 0fa25059bc5e1e947f3109a3a168e976 > > Architecture independent archives: > http://security.debian.org/dists/potato/updates/main/binary-all/ncurses-base_5.0-6.0potato2_all.deb > MD5 checksum: 0ca630424256eb2940728a6728f01a3c > http://security.debian.org/dists/potato/updates/main/binary-all/ncurses-term_5.0-6.0potato2_all.deb > MD5 checksum: 4bc592757f97d4569fac57a0ccbd7588 > > Alpha architecture: > http://security.debian.org/dists/potato/updates/main/binary-alpha/libncurses5-dbg_5.0-6.0potato2_alpha.deb > MD5 checksum: 08c293eeeedbdd93277fbe6994c52225 > http://security.debian.org/dists/potato/updates/main/binary-alpha/libncurses5-dev_5.0-6.0potato2_alpha.deb > MD5 checksum: e9e3a19ac97ac68209fc276db2063bec > http://security.debian.org/dists/potato/updates/main/binary-alpha/libncurses5_5.0-6.0potato2_alpha.deb > MD5 checksum: c4bed7dc7d38816a522fe9967c474b35 > http://security.debian.org/dists/potato/updates/main/binary-alpha/ncurses-bin_5.0-6.0potato2_alpha.deb > MD5 checksum: 457492010fcce2cea5443cafd94ceace > > ARM architecture: > http://security.debian.org/dists/potato/updates/main/binary-arm/libncurses5-dbg_5.0-6.0potato2_arm.deb > MD5 checksum: 6b89760ebaef6f627a25f243abd40699 > http://security.debian.org/dists/potato/updates/main/binary-arm/libncurses5-dev_5.0-6.0potato2_arm.deb > MD5 checksum: 8340e7bf13a1c1ae6fe14306e630da46 > http://security.debian.org/dists/potato/updates/main/binary-arm/libncurses5_5.0-6.0potato2_arm.deb > MD5 checksum: 67774c92c2297c97ad014a1cbec541c8 > http://security.debian.org/dists/potato/updates/main/binary-arm/ncurses-bin_5.0-6.0potato2_arm.deb > MD5 checksum: 82aacabc17d3229604bf85c0406bef43 > > Intel ia32 architecture: > http://security.debian.org/dists/potato/updates/main/binary-i386/libncurses5-dbg_5.0-6.0potato2_i386.deb > MD5 checksum: 5c43981090144c8c19d37f455056dac9 > http://security.debian.org/dists/potato/updates/main/binary-i386/libncurses5-dev_5.0-6.0potato2_i386.deb > MD5 checksum: 476bd2329a991423df2fadf7097c710a > http://security.debian.org/dists/potato/updates/main/binary-i386/libncurses5_5.0-6.0potato2_i386.deb > MD5 checksum: ca7e31dc8bb7b2132732749a08ef520b > http://security.debian.org/dists/potato/updates/main/binary-i386/ncurses-bin_5.0-6.0potato2_i386.deb > MD5 checksum: 2029230b29eab7e755b0a533eff7fe10 > > Motorola 680x0 architecture: > http://security.debian.org/dists/potato/updates/main/binary-m68k/libncurses5-dbg_5.0-6.0potato2_m68k.deb > MD5 checksum: 37ea741f71e3362de572ac55d357c36f > http://security.debian.org/dists/potato/updates/main/binary-m68k/libncurses5-dev_5.0-6.0potato2_m68k.deb > MD5 checksum: 02277c7a29dcfd1eae01c8ee99487349 > http://security.debian.org/dists/potato/updates/main/binary-m68k/libncurses5_5.0-6.0potato2_m68k.deb > MD5 checksum: 410c3aafee6114db71fefa4b0e8d9336 > http://security.debian.org/dists/potato/updates/main/binary-m68k/ncurses-bin_5.0-6.0potato2_m68k.deb > MD5 checksum: 0c29eb0df9813e96ee1af762814c60ff > > PowerPC architecture: > http://security.debian.org/dists/potato/updates/main/binary-powerpc/libncurses5-dbg_5.0-6.0potato2_powerpc.deb > MD5 checksum: 5ae0e15e15934c4d99478bcf8daf4ab4 > http://security.debian.org/dists/potato/updates/main/binary-powerpc/libncurses5-dev_5.0-6.0potato2_powerpc.deb > MD5 checksum: bb1c6f8484483cf51d37e433a394efb3 > http://security.debian.org/dists/potato/updates/main/binary-powerpc/libncurses5_5.0-6.0potato2_powerpc.deb > MD5 checksum: aa35b395dc84b64deea5ce950104f0bd > http://security.debian.org/dists/potato/updates/main/binary-powerpc/ncurses-bin_5.0-6.0potato2_powerpc.deb > MD5 checksum: c4256989a725e4d0afec510e1564ef8d > > Sun Sparc architecture: > http://security.debian.org/dists/potato/updates/main/binary-sparc/libncurses5-dbg_5.0-6.0potato2_sparc.deb > MD5 checksum: 95059d9006f27b8ad479ffd5f2495a90 > http://security.debian.org/dists/potato/updates/main/binary-sparc/libncurses5-dev_5.0-6.0potato2_sparc.deb > MD5 checksum: beda2b108219a348ae8330916bebd6de > http://security.debian.org/dists/potato/updates/main/binary-sparc/libncurses5_5.0-6.0potato2_sparc.deb > MD5 checksum: 69979bab9a9b2716ea833221a7003a28 > http://security.debian.org/dists/potato/updates/main/binary-sparc/ncurses-bin_5.0-6.0potato2_sparc.deb > MD5 checksum: 2b516705006d27b0808a0aea77f4b724 > > - ---------------------------------------------------------------------------------- > For apt-get: deb http://security.debian.org/ stable/updates main > For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main > Mailing list: debian-security-announce@lists.debian.org > Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>; > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.0.6 (GNU/Linux) > Comment: For info see http://www.gnupg.org > > iQCVAwUBPHGd9z5fjwqn/34JAQFp7gP/aanLFr70Fttn/kETgEV67MBR68B1sgQv > 5p2G4iM9DO5SlVGWPz+VS2q92eNZmrwl2WKI7+hu2v3X/23fStRzKJRkCijQKYTM > C0p5R76mIuDqZR0uwsJVwPwDvDL8gaeoul8p8r8PuwWDQj/6Skwq8UbBuMHDp1uL > DgMswLMUQt8= > =GYGr > -----END PGP SIGNATURE----- > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020429123756.O28880-100000>