[LWN Logo]

Date: Thu, 27 Aug 1998 22:54:47 +0200
From: Martin Schulze <joey@kuolema.Infodrom.North.DE>
To: Debian Security Announcements <debian-security-announce@lists.debian.org>
Subject: [SECURITY] New versions of ncurses fixes security problem


--7iMSBzlTiPOCCT2k
Content-Type: text/plain; charset=us-ascii

We have received a report that using ncurses in setuid programs will
give the user a way to open arbitrary files.

We recommend you upgrade your ncurses3.4-dev package immediately.

dpkg -i file.deb
        will install the referenced file.

Debian GNU/Linux 2.0 alias hamm
-------------------------------

  This version of Debian were released only for the Intel and the
  Motorola 68xxx architecture.


  Intel architecture:
    ftp://ftp.debian.org/debian/dists/stable-updates/ncurses3.4-dev_1.9.9g-8.9.1_i386.deb
      MD5 checksum: 9dcb2a4d455197b1102ccefd99bf60fa

  Motorola 68xxx architecture:
    ftp://ftp.debian.org/debian/dists/stable-updates/ncurses3.4-dev_1.9.9g-8.9.1_m68k.deb
      MD5 checksum: 917a954e24960a63e0ec8eaf56274bb7


  These files will be moved into
  ftp://ftp.debian.org/debian/dists/hamm/main/binary-$arch/ soon.


For other architectures please refer to the appropriate directory
ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .

--
Debian GNU/Linux    .    Security Managers    .    security@debian.org
              debian-security-announce@lists.debian.org
Christian Hudon <chrish@debian.org> . Martin Schulze <joey@debian.org>

--7iMSBzlTiPOCCT2k
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia

iQCVAwUBNeXHlxRNm5Suj3z1AQFUxQQAiwvOLSKcxTN+h7Ok+1wnRg1Yx282ZDov
S5CnBj5vz0V+3/kd8IybvXkasuDiw0MqvIXwRdgdzsJs3RVcthXeakhh+ogP8DXJ
8NeanhmN5bZn0N+jRGHm93o8v+YYGHXXkn//CxzX2Qz7ebqLfYsu+sJT1F/GYEwc
bDyV1DrVmvs=
=KixV
-----END PGP SIGNATURE-----

--7iMSBzlTiPOCCT2k--


--  
To UNSUBSCRIBE, email to debian-security-announce-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org