[14675] in bugtraq
Re: freebsd libncurses overflow
daemon@ATHENA.MIT.EDU (Bill Fumerola)
Wed Apr 26 02:54:29 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id: <20000424151315.Z397@jade.chc-chimes.com>
Date: Mon, 24 Apr 2000 15:13:15 -0400
Reply-To: Bill Fumerola <billf@CHC-CHIMES.COM>
From: Bill Fumerola <billf@CHC-CHIMES.COM>
X-To: Przemyslaw Frasunek <venglin@FREEBSD.LUBLIN.PL>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <20000424143313.B50999@lubi.freebsd.lublin.pl>; from
venglin@FREEBSD.LUBLIN.PL on Mon, Apr 24, 2000 at 02:33:13PM +0200
On Mon, Apr 24, 2000 at 02:33:13PM +0200, Przemyslaw Frasunek wrote:
> * Vulnerable Versions
>
> - 3.4-STABLE -- vulnerable
> - 4.0-STABLE -- not tested (probably *not* vulnerable)
> - 5.0-CURRENT -- *not* vulnerable
Isn't this an ncurses problem and not a FreeBSD problem? If later versions of FreeBSD
aren't vulnerable, its probably only because they have a more recent version of ncurses.
Wouldn't it be more proper to mention the version of _ncurses_ with this problem?
The code is simply imported from:
revision 1.1.1.1
date: 1999/08/24 01:06:35; author: peter; state: Exp; lines: +0 -0
Import unmodified (but trimmed) ncurses 5.0 prerelease 990821.
This contains the full eti (panel, form, menu) extensions.
bmake glue to follow.
Obtained from: ftp://ftp.clark.net/pub/dickey/ncurses
--
Bill Fumerola - Network Architect
Computer Horizons Corp - CVM
e-mail: billf@chc-chimes.com / billf@FreeBSD.org
Office: 800-252-2421 x128 / Cell: 248-761-7272
PS. Not speaking on behalf of FreeBSD.
