ELA-1022-1 ncurses security update

setuid/setgid mitigation

2023-12-18
Package: ncurses
Version: 5.9+20140913-1+deb8u6 (jessie), 6.0+20161126-1+deb9u5 (stretch)
Related CVEs: CVE-2023-29491


Loading of custom terminfo entries in setuid/setgid programs has been disabled to mitigate memory corruption via malformed data in terminfo database files.



For Debian 8 jessie, these problems have been fixed in version 5.9+20140913-1+deb8u6.

For Debian 9 stretch, these problems have been fixed in version 6.0+20161126-1+deb9u5.

We recommend that you upgrade your ncurses packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.