[Midnightbsd-cvs] [MidnightBSD/src] 3bc063: ncurses: fix CVE-2025-6141 buffer overflow in post...
Lucas Holt
noreply at github.com
Wed Jun 10 22:24:17 EDT 2026
Branch: refs/heads/stable/4.1
Home: https://github.com/MidnightBSD/src
Commit: 3bc063167372d2718710e27bea22d62ff7ecbd02
https://github.com/MidnightBSD/src/commit/3bc063167372d2718710e27bea22d62ff7ecbd02
Author: Lucas Holt <luke at foolishgames.com>
Date: 2026-06-10 (Wed, 10 Jun 2026)
Changed paths:
M contrib/ncurses/ncurses/tinfo/parse_entry.c
Log Message:
-----------
ncurses: fix CVE-2025-6141 buffer overflow in postprocess_termcap
Backport buffer-limit check from ncurses 6.5-20250329 (fix by
Thomas Dickey, report/testcase by Yifan Zhang).
The ko capability processing loop in postprocess_termcap() copies
termcap string values into buf2[MAX_TERMINFO_LENGTH] without bounds
checking, allowing a stack-based buffer overflow via a crafted
termcap entry.
Co-Authored-By: Claude Sonnet 4.6 <noreply at anthropic.com>
Commit: 3564a00b03ea685aedea23c65a5dadacf42000c2
https://github.com/MidnightBSD/src/commit/3564a00b03ea685aedea23c65a5dadacf42000c2
Author: Lucas Holt <luke at foolishgames.com>
Date: 2026-06-10 (Wed, 10 Jun 2026)
Changed paths:
M UPDATING
Log Message:
-----------
UPDATING: note ncurses CVE-2025-6141
Co-Authored-By: Claude Sonnet 4.6 <noreply at anthropic.com>
Compare: https://github.com/MidnightBSD/src/compare/b2d3bf11a52e...3564a00b03ea
To unsubscribe from these emails, change your notification settings at https://github.com/MidnightBSD/src/settings/notifications
More information about the Midnightbsd-cvs
mailing list