Is there a small patch to fix the CVE-2023-29491?

bug-ncurses

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Is there a small patch to fix the CVE-2023-29491?

From:	wanghaitao (G)
Subject:	Is there a small patch to fix the CVE-2023-29491?
Date:	Wed, 19 Apr 2023 06:18:14 +0000

Dear Thomas Dickey,

May I ask if there is a small patch specifically for fixing CVE-2023-29491? 
I found that you fixed this CVE in this patch you released on April 8th, but 
this patch contains other modifications as well.
http://ncurses.scripts.mit.edu/?p=ncurses.git;a=commit;h=eb51b1ea1f75a0ec17c9c5937cb28df1e8eeec56

And I found the ncurses doesn't have a git repo, which means I can't find the 
commit that only fix this CVE.

A patch contains docs and miscellaneous changes will make our maintenance work 
difficult. I found that the oss-security community has also noticed this issue 
too.
https://seclists.org/oss-sec/2023/q2/23

So could you please provide a patch that only fixes this CVE? If so, I would be 
very grateful.

Best regards,

Wang Haitao

[Prev in Thread]

Current Thread

[Next in Thread]

Is there a small patch to fix the CVE-2023-29491?, wanghaitao (G), 2023/04/19
- Is there a small patch to fix the CVE-2023-29491?, wanghaitao (G) <=
  - Re: Is there a small patch to fix the CVE-2023-29491?, Thomas Dickey, 2023/04/19

Prev by Date: ANN: ncurses-6.4-20230418
Next by Date: Is there a small patch to fix the CVE-2023-29491?
Previous by thread: Is there a small patch to fix the CVE-2023-29491?
Next by thread: Re: Is there a small patch to fix the CVE-2023-29491?
Index(es):
- Date
- Thread