ncurses - Debian Package Tracker

general

source: ncurses (main)
version: 6.6+20251231-1
maintainer: Ncurses Maintainers (DMD)
uploaders: Sven Joachim [DMD] [DM] – Craig Small [DMD]
arch: all any
std-ver: 4.7.3
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 6.2+20201114-2+deb11u2
oldstable: 6.4-4
stable: 6.5+20250216-2
testing: 6.6+20251231-1
unstable: 6.6+20251231-1

versioned links

6.2+20201114-2+deb11u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
6.4-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
6.5+20250216-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
6.6+20251231-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

lib32ncurses-dev
lib32ncurses6
lib32ncursesw6
lib32tinfo6
lib64ncurses-dev
lib64ncurses6
lib64ncursesw6
lib64tinfo6
libncurses-dev (1 bugs: 0, 0, 1, 0)
libncurses6
libncursesw6
libncursesw6-udeb
libtinfo6 (1 bugs: 0, 1, 0, 0)
libtinfo6-udeb
ncurses-base (8 bugs: 0, 2, 6, 0)
ncurses-bin (4 bugs: 0, 1, 3, 0)
ncurses-doc (5 bugs: 0, 1, 4, 0)
ncurses-examples
ncurses-term (2 bugs: 0, 1, 1, 0)

action needed

3 security issues in bullseye high

There are 3 open security issues in bullseye.

1 important issue:

CVE-2025-69720: The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.

2 issues postponed or untriaged:

CVE-2025-6141: (postponed; to be fixed through a stable update) A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the function postprocess_termcap of the file tinfo/parse_entry.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. Upgrading to version 6.5-20250329 is able to address this issue. It is recommended to upgrade the affected component.
CVE-2023-50495: (needs triaging) NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().

Created: 2026-03-21 Last update: 2026-03-27 15:00

7 bugs tagged patch in the BTS normal

The BTS contains patches fixing 7 bugs, consider including or untagging them.

Created: 2025-01-06 Last update: 2026-03-28 03:00

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 6.6+20251231-2, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit 2d238cf3875f1a0a7c874f0a9b14f7582d19907a
Author: Sven Joachim <svenjoac@gmx.de>
Date:   Sat Jan 24 20:37:31 2026 +0100

    Convert the watch files to version 5

commit afee7675c395951ac92ca5bf3a393410931c396c
Author: Sven Joachim <svenjoac@gmx.de>
Date:   Sat Jan 24 20:23:04 2026 +0100

    Update upstream signing key
    
    The key had expired on 2026-01-18, update has a published a refreshed
    version at
    https://invisible-island.net/public/dickey@invisible-island.net-rsa3072.asc.
    
    Unfortunately we cannot simply replace the current key with a minimal
    export of the new one, as that would break verification of the current
    version when dpkg-source creates the source package, see
    https://gitlab.com/sequoia-pgp/sequoia/-/issues/1105.
    
    To keep both dpkg-source and uscan happy, we need both the expired
    self-sig and the new one, I merged them with the following two commands:
    
    $ gpg --export --armor --export-options export-minimal 19882D92DDA4C400C22C0D56CC2AF4472167BE03 >> debian/upstream/signing-key.asc
    $ sq keyring merge --overwrite --output debian/upstream/signing-key.asc debian/upstream/signing-key.asc
    
    When we update to a newer upstream patchlevel, we can minimize the key
    again.

Created: 2026-01-25 Last update: 2026-03-28 02:01

2 low-priority security issues in trixie low

There are 2 open security issues in trixie.

2 issues left for the package maintainer to handle:

CVE-2025-6141: (needs triaging) A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the function postprocess_termcap of the file tinfo/parse_entry.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. Upgrading to version 6.5-20250329 is able to address this issue. It is recommended to upgrade the affected component.
CVE-2025-69720: (needs triaging) The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.

You can find information about how to handle these issues in the security team's documentation.

Created: 2025-06-17 Last update: 2026-03-27 15:00

3 low-priority security issues in bookworm low

There are 3 open security issues in bookworm.

3 issues left for the package maintainer to handle:

CVE-2025-6141: (needs triaging) A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the function postprocess_termcap of the file tinfo/parse_entry.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. Upgrading to version 6.5-20250329 is able to address this issue. It is recommended to upgrade the affected component.
CVE-2023-50495: (needs triaging) NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().
CVE-2025-69720: (needs triaging) The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.

You can find information about how to handle these issues in the security team's documentation.

Created: 2023-12-12 Last update: 2026-03-27 15:00

news

[rss feed]

[2026-01-08] ncurses 6.6+20251231-1 MIGRATED to testing (Debian testing watch)
[2026-01-03] Accepted ncurses 6.6+20251231-1 (source) into unstable (Sven Joachim)
[2025-12-03] ncurses 6.5+20251123-1 MIGRATED to testing (Debian testing watch)
[2025-11-24] Accepted ncurses 6.5+20251123-1 (source) into unstable (Sven Joachim)
[2025-11-23] Accepted ncurses 6.5+20251122-1 (source) into unstable (Sven Joachim)
[2025-11-20] Accepted ncurses 6.5+20251115-2 (source) into unstable (Sven Joachim)
[2025-11-17] Accepted ncurses 6.5+20251115-1 (source) into experimental (Sven Joachim)
[2025-03-13] ncurses 6.5+20250216-2 MIGRATED to testing (Debian testing watch)
[2025-03-06] Accepted ncurses 6.5+20250216-2 (source) into unstable (Sven Joachim)
[2025-02-24] ncurses 6.5+20250216-1 MIGRATED to testing (Debian testing watch)
[2025-02-18] Accepted ncurses 6.5+20250216-1 (source) into unstable (Sven Joachim)
[2025-02-10] ncurses 6.5+20250125-2 MIGRATED to testing (Debian testing watch)
[2025-01-31] Accepted ncurses 6.5+20250125-2 (source) into unstable (Sven Joachim)
[2025-01-29] Accepted ncurses 6.5+20250125-1 (source) into experimental (Sven Joachim)
[2024-05-16] ncurses 6.5-2 MIGRATED to testing (Debian testing watch)
[2024-05-09] Accepted ncurses 6.5-2 (source) into unstable (Sven Joachim)
[2024-05-05] Accepted ncurses 6.5-1 (source) into experimental (Sven Joachim)
[2024-04-22] ncurses 6.4+20240414-1 MIGRATED to testing (Debian testing watch)
[2024-04-16] Accepted ncurses 6.4+20240414-1 (source) into unstable (Sven Joachim)
[2024-01-22] ncurses 6.4+20240113-1 MIGRATED to testing (Debian testing watch)
[2024-01-22] ncurses 6.4+20240113-1 MIGRATED to testing (Debian testing watch)
[2024-01-15] Accepted ncurses 6.4+20240113-1 (source) into unstable (Sven Joachim)
[2023-12-17] ncurses 6.4+20231209-1 MIGRATED to testing (Debian testing watch)
[2023-12-11] Accepted ncurses 6.4+20231209-1 (source) into unstable (Sven Joachim)
[2023-12-03] Accepted ncurses 6.1+20181013-2+deb10u5 (source) into oldoldstable (Guilhem Moulin)
[2023-11-28] ncurses 6.4+20231121-1 MIGRATED to testing (Debian testing watch)
[2023-11-22] Accepted ncurses 6.4+20231121-1 (source) into unstable (Sven Joachim)
[2023-11-20] Accepted ncurses 6.4+20231118-1 (source) into unstable (Sven Joachim)
[2023-10-23] ncurses 6.4+20231016-1 MIGRATED to testing (Debian testing watch)
[2023-10-17] Accepted ncurses 6.4+20231016-1 (source) into unstable (Sven Joachim)

bugs [bug history graph]

all: 35
RC: 0
I&N: 13
M&W: 22
F&P: 0
patch: 7

links

homepage
lintian
buildd: logs, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 6.6+20251231-1
28 bugs (1 patch)