[OE-core] [sumo] [PATCH v1 1/2] ncurses: CVE-2018-10754
Sinan Kaya
okaya at kernel.org
Fri Oct 5 04:48:32 UTC 2018
On 10/4/2018 11:55 PM, Sinan Kaya wrote:
> * CVE-2018-10754
> A NULL pointer dereference was found in the way the _nc_parse_entry
> function parses terminfo data for compilation. An attacker able to provide
> specially crafted terminfo data could use this flaw to crash the
> application parsing it.
>
> Affects < 6.1.20180414
>
> CVE: CVE-2018-10754
> Ref:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10754
> Signed-off-by: Sinan Kaya<okaya at kernel.org>
Self NAK on this ncurses patch only. This broke docker.
The rest of the patches looked good to me.
More information about the Openembedded-core
mailing list