Date: Tue, 10 Oct 2000 19:05:17 -0700 From: Kris Kennaway <kris@citusc.usc.edu> To: Trevor Johnson <trevor@jpj.net> Cc: Mike Silbersack <silby@silby.com>, freebsd-security@FreeBSD.ORG, peter@FreeBSD.ORG Subject: Re: ncurses buffer overflows (fwd) Message-ID: <20001010190517.B5034@citusc17.usc.edu> In-Reply-To: <Pine.BSI.4.21.0010102142590.8787-100000@blues.jpj.net>; from trevor@jpj.net on Tue, Oct 10, 2000 at 09:55:15PM -0400 References: <Pine.BSF.4.21.0010101908580.4266-100000@achilles.silby.com> <Pine.BSI.4.21.0010102142590.8787-100000@blues.jpj.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Oct 10, 2000 at 09:55:15PM -0400, Trevor Johnson wrote: > > Well, the advisory states that ncurses 5.0 and before are vulnerable. It > > looks like 5.1-prerelease is what 4.1+ are using. So, until we here more > > from warner/kris, I'm assuming that 4.0/3.x are vulnerable, but 4.1+ is > > safe. > > The fixes were applied in ncurses-20001007. We have ncurses-20000701. > > I'm attempting to prepare ncurses-20001009 for importing: > http://people.freebsd.org/~trevor/ncurses/ . I've mentioned it to Peter > Wemm. It needs more testing though (I haven't even done a "make world"). I believe Peter was also looking at this - I think he was basically ready to commit. Thanks for taking a look at it, though. Kris To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001010190517.B5034>