]> git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commit
projects / thirdparty / openembedded / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 2a97ba8) | patch
ncurses: Fix CVE-2022-29458
authorDan Tran <MSFT.DanTran@gmail.com>
Tue, 31 May 2022 17:15:17 +0000 (10:15 -0700)
committerSteve Sakoman <steve@sakoman.com>
Wed, 1 Jun 2022 15:25:36 +0000 (05:25 -1000)
commit2287d591cf32f5580ea6679805d04c3a5146ecd5
tree343dc64ab6a00f4afeeb1dbb3986b807679a677dtree
parent2a97ba89f236b751b333622fbbc14180e9b72245commit | diff
ncurses: Fix CVE-2022-29458

ncurses 6.3 before patch 20220416 has an out-of-bounds read and
segmentation violation in convert_strings in tinfo/read_entry.c in the
terminfo library.

Backported from the link below, extracting only the relevant changes.
https://github.com/ThomasDickey/ncurses-snapshots/commit/9d1d651878d4bf0695872a64cc65ba0acb825f36

Signed-off-by: Gustavo Lima Chaves <gustavo.chaves@microsoft.com>
Signed-off-by: Dan Tran <dantran@microsoft.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-core/ncurses/files/CVE-2022-29458.patch [new file with mode: 0644] blob
meta/recipes-core/ncurses/ncurses_6.2.bb diff | blob | blame | history
Mirror of git://git.openembedded.org/openembedded-core