cf40c65bda41f6a1a34e155b2a7988029842bcba - third_party/overlays/portage-stable

commit	cf40c65bda41f6a1a34e155b2a7988029842bcba	[log] [tgz]
author	Oleksandr Tymoshenko <ovt@google.com>	Tue Oct 05 20:55:34 2021 +0000
committer	Oleksandr Tymoshenko <ovt@google.com>	Tue Oct 12 04:29:25 2021 +0000
tree	63c593de46799a7fc6d87b87d7f72a377aa26484
parent	7d5a8b79b63e6aa681f2eb57f068de62809c08e5 [diff]

LAKITU: Backport fix for CVE-2021-39537 from ncurses 6.2

Backport fix for heap-based stack overflow in _nc_captoinfo
from the upstream commit 790a85db ("ncurses 6.2 - patch 20200531")

BUG=b/201918009
TEST=presubmit
RELEASE_NOTE=Fixed CVE-2021-39537 in ncurses package

cos-patch: security-moderate
Change-Id: Ia0415435eb62c3275fcfdeb43824094abaf6fbf2
Reviewed-on: https://cos-review.googlesource.com/c/third_party/overlays/portage-stable/+/23412
Reviewed-by: Robert Kolchmeyer <rkolchmeyer@google.com>
Reviewed-by: Vaibhav Rustagi <vaibhavrustagi@google.com>
Main-Branch-Verified: Cusky Presubmit Bot <presubmit@cos-infra-prod.iam.gserviceaccount.com>
Tested-by: Cusky Presubmit Bot <presubmit@cos-infra-prod.iam.gserviceaccount.com>

sys-libs/ncurses/files/ncurses-5.9-fix-cve-2021-39537.patch[Added - diff]
sys-libs/ncurses/ncurses-5.9-r9.ebuild[Renamed from sys-libs/ncurses/ncurses-5.9-r8.ebuild - diff]

2 files changed

tree: 63c593de46799a7fc6d87b87d7f72a377aa26484