From 52d0f351062da730055ffc6b953ff4e68ddb437f Mon Sep 17 00:00:00 2001
From: Ovidiu Panait <ovidiu.panait@windriver.com>
Date: Wed, 20 Sep 2017 13:13:49 +0300
Subject: ncurses: CVE-2017-13732, CVE-2017-13734, CVE-2017-13730,
 CVE-2017-13729, CVE-2017-13728, CVE-2017-13731

There is an illegal address access in the function dump_uses() in progs/dump_entry.c
in ncurses 6.0 that might lead to a remote denial of service attack.

There is an illegal address access in the _nc_safe_strcat function in
strings.c in ncurses 6.0 that will lead to a remote denial of service attack.

There is an illegal address access in the function _nc_read_entry_source()
in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack.

There is an illegal address access in the _nc_save_str function in
alloc_entry.c in ncurses 6.0. It will lead to a remote denial of service attack.

There is an infinite loop in the next_char function in comp_scan.c in
ncurses 6.0, related to libtic. A crafted input will lead to a remote denial of service attack.

There is an illegal address access in the function postprocess_termcap()
in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack.

References:
https://nvd.nist.gov/vuln/detail/CVE-2017-13734
https://nvd.nist.gov/vuln/detail/CVE-2017-13732
https://nvd.nist.gov/vuln/detail/CVE-2017-13731
https://nvd.nist.gov/vuln/detail/CVE-2017-13730
https://nvd.nist.gov/vuln/detail/CVE-2017-13729
https://nvd.nist.gov/vuln/detail/CVE-2017-13728

Upstream patch:
https://anonscm.debian.org/cgit/collab-maint/ncurses.git/commit/?id=129aac80802d997b86ab0663836b7fdafb8e3926

Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
---
 meta/recipes-core/ncurses/ncurses_6.0+20170715.bb | 1 +
 1 file changed, 1 insertion(+)

(limited to 'meta/recipes-core/ncurses/ncurses_6.0+20170715.bb')

diff --git a/meta/recipes-core/ncurses/ncurses_6.0+20170715.bb b/meta/recipes-core/ncurses/ncurses_6.0+20170715.bb
index 127394c006..d1da5d16e0 100644
--- a/meta/recipes-core/ncurses/ncurses_6.0+20170715.bb
+++ b/meta/recipes-core/ncurses/ncurses_6.0+20170715.bb
@@ -3,6 +3,7 @@ require ncurses.inc
 SRC_URI += "file://0001-tic-hang.patch \
             file://0002-configure-reproducible.patch \
             file://config.cache \
+            file://CVE-2017-13732-CVE-2017-13734-CVE-2017-13730-CVE-2017-13729-CVE-2017-13728-CVE-2017-13731.patch \
 "
 # commit id corresponds to the revision in package version
 SRCREV = "52681a6a1a18b4d6eb1a716512d0dd827bd71c87"
-- 
cgit 1.2.3-korg