-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 26 May 2023 20:31:08 +0200 Source: ncurses Architecture: source Version: 6.2+20201114-2+deb11u2 Distribution: bullseye Urgency: medium Maintainer: Craig Small Changed-By: Sven Joachim Changes: ncurses (6.2+20201114-2+deb11u2) bullseye; urgency=medium . * Configure with "--disable-root-environ" to disallow loading of custom terminfo entries in setuid/setgid programs, mitigating the impact of CVE-2023-29491 (see #1034372). - Update the symbols files for the newly exported symbol _nc_env_access. - New patch debian-env-access.diff, changing the behavior of the "--disable-root-environ" configure option to not restrict programs run by the superuser, equivalent to the "--disable-setuid-environ" option introduced in the 20230423 patchlevel. Checksums-Sha1: f9b3a084b472494aa0f2b789102debf83696dbd0 4138 ncurses_6.2+20201114-2+deb11u2.dsc fec49aa8392ce5fabbd46ddd3fc523c4c60105da 54056 ncurses_6.2+20201114-2+deb11u2.debian.tar.xz 56bd7bd066955e86ddbd756056a50881e81a3b32 5927 ncurses_6.2+20201114-2+deb11u2_source.buildinfo Checksums-Sha256: 3ec39ab5dae31895ea40ca68d9f3e1b1c701e092a383fe4e0158f66c60043f49 4138 ncurses_6.2+20201114-2+deb11u2.dsc c0f89212206e4c9dc5e141e2588ba82ea76051a04fccc5dc84075a358b3a6704 54056 ncurses_6.2+20201114-2+deb11u2.debian.tar.xz cf02f90a5dc1fdc6cbb50891609827cab488832905d8630c9e50fbeff28a7886 5927 ncurses_6.2+20201114-2+deb11u2_source.buildinfo Files: e74d8253a69692641ddef02c40ae97c5 4138 libs required ncurses_6.2+20201114-2+deb11u2.dsc afa5ce292444d35fa3e006d0ff741c08 54056 libs required ncurses_6.2+20201114-2+deb11u2.debian.tar.xz 119704c116e5fdcefb38522b3681d8ab 5927 libs required ncurses_6.2+20201114-2+deb11u2_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEKF8heKgv5Jai5p4QOxBucY1rMawFAmRw+6sACgkQOxBucY1r Mayoag/6ArHDrY43GnPsdWLzk8NZaFbefPBV51T9lVgg3oAzf9qFXanT3bbDgZ0+ +CXy6p/thN/95H7iAlTHHGJ+VvjM2zd2ogWk247adiQTjNHCbqwLtxVNc5rasBo9 vDKICiF9YQg7BIWosE8p1BVqPInTrCxkyua9tk9TyNuT8FGdgZOpbsa80+Zz/BvS BfsekeOhy0srB/hOim5HRSUp3RvC0HaF9/kfEy1PKB0ZFtu+r64hnYwwosXsfzD+ 44Jea+aG8wtvjqhBu32iuZC0kRjZbKiKmon048l8Uivm5r1RStcMbdbdfHbV/Sbf Iz7uqlcHLbyJUbuHx5OsHTcDtuzwzDcYJIX73++E2EWal2v1ztymErR5CALmXS5g y6P89PPwIn7SqQawArMEsp2qYJOsirudWBcJ/M+xAzGTA7opkd0u9e4kg5ZZgB5H ZRweuVgMRXqvOtIZmXPVw4UY3buymHtWmzaBj4Mfum3YcK9Vg6QqVT3ZXPOT+HvH PKnFTD0pD3ZN1jGwP4Tgx1+kGfE6lXQWir3fAcKQaiJFkoaaNxkJ3o94R03P1UZO ao5BVmZSxgvO7w8W2mjQNamiiDW0JH4JlTSXPvC4boLGdq9NyJWh7xq0EoHPzBQA 87PsPyY05XFkJ05TtSz0dhP3PUttMy9HASsuxfdZfHHHsw35usU= =faTe -----END PGP SIGNATURE-----