From owner-freebsd-security  Tue Oct 10 19: 6:11 2000
Delivered-To: freebsd-security@freebsd.org
Received: from silby.com (cb34181-c.mdsn1.wi.home.com [24.183.3.139])
	by hub.freebsd.org (Postfix) with ESMTP id BBB8737B503
	for <freebsd-security@FreeBSD.ORG>; Tue, 10 Oct 2000 19:06:06 -0700 (PDT)
Received: (qmail 4784 invoked by uid 1000); 11 Oct 2000 02:09:33 -0000
Received: from localhost (sendmail-bs@127.0.0.1)
  by localhost with SMTP; 11 Oct 2000 02:09:33 -0000
Date: Tue, 10 Oct 2000 21:09:33 -0500 (CDT)
From: Mike Silbersack <silby@silby.com>
To: Trevor Johnson <trevor@jpj.net>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: ncurses buffer overflows (fwd)
In-Reply-To: <Pine.BSI.4.21.0010102142590.8787-100000@blues.jpj.net>
Message-ID: <Pine.BSF.4.21.0010102108020.4661-100000@achilles.silby.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


On Tue, 10 Oct 2000, Trevor Johnson wrote:

> The fixes were applied in ncurses-20001007.  We have ncurses-20000701.
> 
> I'm attempting to prepare ncurses-20001009 for importing:  
> http://people.freebsd.org/~trevor/ncurses/ .  I've mentioned it to Peter
> Wemm.  It needs more testing though (I haven't even done a "make world").

Is the patch just to not read .terminfo from the current directory when
executing setuid+setgid apps?  (Just checking if it's the same as the
patch that openbsd has applied.)

Mike "Silby" Silbersack



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message