Skip to content
This repository has been archived by the owner on Oct 10, 2023. It is now read-only.

0.367.0
Compare
Choose a tag to compare
@cf-buildpacks-eng cf-buildpacks-eng released this 23 May 14:52
· 2 commits to main since this release
0.367.0
8dea53c

Notably, this release addresses:

USN-6099-1 USN-6099-1: ncurses vulnerabilities:

  • CVE-2019-17594: There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
  • CVE-2019-17595: There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
  • CVE-2021-39537: An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.
  • CVE-2022-29458: ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.
  • CVE-2023-29491: ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.
  • CVE-2021-39537: An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.
  • CVE-2023-29491: ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.
  • CVE-2022-29458: ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.
  • CVE-2019-17594: There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
  • CVE-2019-17595: There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
-ii  libncurses5:amd64     6.1-1ubuntu1.18.04   amd64 shared libraries for terminal handling
-ii  libncurses5-dev:amd64 6.1-1ubuntu1.18.04   amd64 developer's libraries for ncurses
-ii  libncursesw5:amd64    6.1-1ubuntu1.18.04   amd64 shared libraries for terminal handling (wide character support)
+ii  libncurses5:amd64     6.1-1ubuntu1.18.04.1 amd64 shared libraries for terminal handling
+ii  libncurses5-dev:amd64 6.1-1ubuntu1.18.04.1 amd64 developer's libraries for ncurses
+ii  libncursesw5:amd64    6.1-1ubuntu1.18.04.1 amd64 shared libraries for terminal handling (wide character support)
-ii  libtinfo-dev:amd64    6.1-1ubuntu1.18.04   amd64 developer's library for the low-level terminfo library
-ii  libtinfo5:amd64       6.1-1ubuntu1.18.04   amd64 shared low-level terminfo library for terminal handling
+ii  libtinfo-dev:amd64    6.1-1ubuntu1.18.04.1 amd64 developer's library for the low-level terminfo library
+ii  libtinfo5:amd64       6.1-1ubuntu1.18.04.1 amd64 shared low-level terminfo library for terminal handling
-ii  ncurses-base          6.1-1ubuntu1.18.04   all   basic terminal type definitions
-ii  ncurses-bin           6.1-1ubuntu1.18.04   amd64 terminal-related programs and man pages
+ii  ncurses-base          6.1-1ubuntu1.18.04.1 all   basic terminal type definitions
+ii  ncurses-bin           6.1-1ubuntu1.18.04.1 amd64 terminal-related programs and man pages
Assets 3
Loading