From owner-freebsd-security  Wed Oct 11 16:16:13 2000
Delivered-To: freebsd-security@freebsd.org
Received: from blues.jpj.net (blues.jpj.net [204.97.17.146])
	by hub.freebsd.org (Postfix) with ESMTP id 93FAF37B502
	for <freebsd-security@FreeBSD.ORG>; Wed, 11 Oct 2000 16:16:11 -0700 (PDT)
Received: from localhost (trevor@localhost)
	by blues.jpj.net (right/backatcha) with ESMTP id e9BNG0u18075;
	Wed, 11 Oct 2000 19:16:00 -0400 (EDT)
Date: Wed, 11 Oct 2000 19:16:00 -0400 (EDT)
From: Trevor Johnson <trevor@jpj.net>
To: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
Cc: Mike Silbersack <silby@silby.com>, freebsd-security@FreeBSD.ORG
Subject: Re: ncurses buffer overflows (fwd) 
In-Reply-To: <200010112215.e9BMF5F72845@cwsys.cwsent.com>
Message-ID: <Pine.BSI.4.21.0010111901210.17626-100000@blues.jpj.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Cy Schubert wrote:

> So far so good on 4.1.1, nothing appears to be broken, yet, and the 
> exploit fails to work, a good thing.  To "make world" the following 
> patch needs to be applied to /usr/src/lib/libncurses/Makefile:

Thank you!  Looking at the CVS logs, I see that Peter Wemm has imported
most of ncurses-20001009, and he remembered src/lib/libncurses/Makefile
(so I guess your effort for me was wasted).
-- 
Trevor Johnson
http://jpj.net/~trevor/gpgkey.txt



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message