-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 06 May 2023 17:16:54 +0200
Source: ncurses
Architecture: source
Version: 6.4-3
Distribution: unstable
Urgency: medium
Maintainer: Craig Small <csmall@debian.org>
Changed-By: Sven Joachim <svenjoac@gmx.de>
Changes:
 ncurses (6.4-3) unstable; urgency=medium
 .
   * Configure with "--disable-root-environ" to disallow loading of custom
     terminfo entries in setuid/setgid programs, mitigating the impact of
     CVE-2023-29491 (see #1034372).
     - Update the symbols files for the newly exported symbol
       _nc_env_access.
     - New patch fix-configure-root-args-option.diff cherry-picked from
       the 20230415 patchlevel, fixing a copy/paste error which caused
       the "--disable-root-environ" configure option to pick up code
       meant to be used by the "--disable-root-args" option instead.
     - New patch debian-env-access.diff, changing the behavior of the
       "--disable-root-environ" configure option to not restrict programs
       run by the superuser, equivalent to the "--disable-setuid-environ"
       option introduced in the 20230423 patchlevel.
Checksums-Sha1:
 631531a274880bce227b7548093ea3a46407a703 4110 ncurses_6.4-3.dsc
 b1a873075026a4ef2a9b4f448133dad7c38c02f0 56424 ncurses_6.4-3.debian.tar.xz
 3022c39dd3c9adb87a4e35cf1c7f5414295029fc 5659 ncurses_6.4-3_source.buildinfo
Checksums-Sha256:
 36c076242b90abf0d0479c0699994157a5d7998f9c8b1be1928cd6a85e700c5d 4110 ncurses_6.4-3.dsc
 64c7ded4c730fd1d3460499c10cc109ef128fa73d81acfe48a3629901745fd08 56424 ncurses_6.4-3.debian.tar.xz
 6247047d56460c13c126a4651774f744edcdf0f4999e9f0198a68d43c3fa8334 5659 ncurses_6.4-3_source.buildinfo
Files:
 77915ce4a532b619dfd9d103398e2a72 4110 libs required ncurses_6.4-3.dsc
 ae69a0850282fac41898b673ecfcccc4 56424 libs required ncurses_6.4-3.debian.tar.xz
 4c41ebee904cfae19144aff3caabbaaf 5659 libs required ncurses_6.4-3_source.buildinfo

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----