---
- branch: MAIN
  date: Tue Aug  8 18:38:21 UTC 2017
  files:
  - new: '1.95'
    old: '1.94'
    path: pkgsrc/devel/ncurses/Makefile
    pathrev: pkgsrc/devel/ncurses/Makefile@1.95
    type: modified
  - new: '1.32'
    old: '1.31'
    path: pkgsrc/devel/ncurses/distinfo
    pathrev: pkgsrc/devel/ncurses/distinfo@1.32
    type: modified
  - new: '1.1'
    old: '0'
    path: pkgsrc/devel/ncurses/patches/patch-ncurses_tinfo_alloc__entry.c
    pathrev: pkgsrc/devel/ncurses/patches/patch-ncurses_tinfo_alloc__entry.c@1.1
    type: added
  - new: '1.1'
    old: '0'
    path: pkgsrc/devel/ncurses/patches/patch-ncurses_tinfo_parse__entry.c
    pathrev: pkgsrc/devel/ncurses/patches/patch-ncurses_tinfo_parse__entry.c@1.1
    type: added
  - new: '1.14'
    old: '1.13'
    path: pkgsrc/devel/ncursesw/Makefile
    pathrev: pkgsrc/devel/ncursesw/Makefile@1.14
    type: modified
  id: 20170808T183821Z.d310329b1e4879d476c04c69b66c85c2b1fa3758
  log: |
    patches from
    ftp://invisible-island.net/ncurses/6.0/ncurses-6.0-20170701.patch.gz
    + add/improve checks in tic's parser to address invalid input
     (Redhat #1464684, #1464685, #1464686, #1464691).
     + alloc_entry.c, add a check for a null-pointer.
     + parse_entry.c, add several checks for valid pointers as well as
       one check to ensure that a single character on a line is not
       treated as the 2-character termcap short-name.

    that's CVE-2017-10684 CVE-2017-10685 CVE-2017-11112 CVE-2017-11113
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/devel'
  unixtime: '1502217501'
  user: spz