[Midnightbsd-cvs] [MidnightBSD/src] a86f24: ncurses: fix CVE-2025-6141 buffer overflow in post...
Lucas Holt
noreply at github.com
Wed Jun 10 22:24:32 EDT 2026
Branch: refs/heads/stable/4.0
Home: https://github.com/MidnightBSD/src
Commit: a86f2452ce56065576d526dc842a2c3de7a72ece
https://github.com/MidnightBSD/src/commit/a86f2452ce56065576d526dc842a2c3de7a72ece
Author: Lucas Holt <luke at foolishgames.com>
Date: 2026-06-10 (Wed, 10 Jun 2026)
Changed paths:
M contrib/ncurses/ncurses/tinfo/parse_entry.c
Log Message:
-----------
ncurses: fix CVE-2025-6141 buffer overflow in postprocess_termcap
Backport buffer-limit check from ncurses 6.5-20250329 (fix by
Thomas Dickey, report/testcase by Yifan Zhang).
The ko capability processing loop in postprocess_termcap() copies
termcap string values into buf2[MAX_TERMINFO_LENGTH] without bounds
checking, allowing a stack-based buffer overflow via a crafted
termcap entry.
Co-Authored-By: Claude Sonnet 4.6 <noreply at anthropic.com>
Commit: ceedba5dffb2c7cc242395dfe414d306d4d63fc1
https://github.com/MidnightBSD/src/commit/ceedba5dffb2c7cc242395dfe414d306d4d63fc1
Author: Lucas Holt <luke at foolishgames.com>
Date: 2026-06-10 (Wed, 10 Jun 2026)
Changed paths:
M UPDATING
Log Message:
-----------
UPDATING: note ncurses CVE-2025-6141
Co-Authored-By: Claude Sonnet 4.6 <noreply at anthropic.com>
Compare: https://github.com/MidnightBSD/src/compare/ac9d53b22bda...ceedba5dffb2
To unsubscribe from these emails, change your notification settings at https://github.com/MidnightBSD/src/settings/notifications
More information about the Midnightbsd-cvs
mailing list