From 1cd172c198c45bdca0a4cc0122f60e365446a5f8 Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Mon, 28 Aug 2023 09:52:12 +0200
Subject: Update status for ncurses issues according to the maintainer

Thanks: Sven Joachim
---
 data/CVE/list | 26 ++++++++++++++++++++------
 1 file changed, 20 insertions(+), 6 deletions(-)

(limited to 'data')

diff --git a/data/CVE/list b/data/CVE/list
index 2938bf383e..1d0b8342fd 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -226256,23 +226256,37 @@ CVE-2020-19192
 CVE-2020-19191
 	RESERVED
 CVE-2020-19190 (Buffer Overflow vulnerability in _nc_find_entry in tinfo/comp_hash.c:7 ...)
-	- ncurses <undetermined>
+	- ncurses 6.1+20191019-1
 	NOTE: https://github.com/zjuchenyuan/fuzzpoc/blob/master/infotocap_poc6.md
+	NOTE: Fixed in 20191012 with followups in 20191015 and 20191019 patchlevels
+	NOTE: https://lists.gnu.org/archive/html/bug-ncurses/2019-10/index.html
+	NOTE: CVE-2020-19190 seems to be a duplicate of CVE-2019-17594 but keep distinct for now
 CVE-2020-19189 (Buffer Overflow vulnerability in postprocess_terminfo function in tinf ...)
-	- ncurses <undetermined>
+	- ncurses 6.1+20191019-1
 	NOTE: https://github.com/zjuchenyuan/fuzzpoc/blob/master/infotocap_poc5.md
+	NOTE: Fixed in 20191012 with followups in 20191015 and 20191019 patchlevels
+	NOTE: https://lists.gnu.org/archive/html/bug-ncurses/2019-10/index.html
 CVE-2020-19188 (Buffer Overflow vulnerability in fmt_entry function in progs/dump_entr ...)
-	- ncurses <undetermined>
+	- ncurses 6.1+20191019-1
 	NOTE: https://github.com/zjuchenyuan/fuzzpoc/blob/master/infotocap_poc4.md
+	NOTE: Fixed in 20191012 with followups in 20191015 and 20191019 patchlevels
+	NOTE: https://lists.gnu.org/archive/html/bug-ncurses/2019-10/index.html
 CVE-2020-19187 (Buffer Overflow vulnerability in fmt_entry function in progs/dump_entr ...)
-	- ncurses <undetermined>
+	- ncurses 6.1+20191019-1
 	NOTE: https://github.com/zjuchenyuan/fuzzpoc/blob/master/infotocap_poc3.md
+	NOTE: Fixed in 20191012 with followups in 20191015 and 20191019 patchlevels
+	NOTE: https://lists.gnu.org/archive/html/bug-ncurses/2019-10/index.html
+	NOTE: CVE-2020-19187 seems to be a duplicate of CVE-2019-17595 but keep distinct for now
 CVE-2020-19186 (Buffer Overflow vulnerability in _nc_find_entry function in tinfo/comp ...)
-	- ncurses <undetermined>
+	- ncurses 6.1+20191019-1
 	NOTE: https://github.com/zjuchenyuan/fuzzpoc/blob/master/infotocap_poc2.md
+	NOTE: Fixed in 20191012 with followups in 20191015 and 20191019 patchlevels
+	NOTE: https://lists.gnu.org/archive/html/bug-ncurses/2019-10/index.html
 CVE-2020-19185 (Buffer Overflow vulnerability in one_one_mapping function in progs/dum ...)
-	- ncurses <undetermined>
+	- ncurses 6.1+20191019-1
 	NOTE: https://github.com/zjuchenyuan/fuzzpoc/blob/master/infotocap_poc1.md
+	NOTE: Fixed in 20191012 with followups in 20191015 and 20191019 patchlevels
+	NOTE: https://lists.gnu.org/archive/html/bug-ncurses/2019-10/index.html
 CVE-2020-19184
 	RESERVED
 CVE-2020-19183
-- 
cgit v1.2.3