ncurses: CVE-2017-13733

Debian Bug report logs - #873746
ncurses: CVE-2017-13733


Reported by: Raphael Hertzog <hertzog@debian.org>

Date: Wed, 30 Aug 2017 13:51:01 UTC

Severity: important

Tags: security, upstream

Found in versions ncurses/6.0+20170715-2, ncurses/5.9+20140913-1, ncurses/6.0+20161126-1

Fixed in versions ncurses/6.0+20170902-1, ncurses/6.0+20161126-1+deb9u1

Done: Sven Joachim <svenjoac@gmx.de>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Craig Small <csmall@debian.org>:
Bug#873723; Package src:ncurses. (Wed, 30 Aug 2017 13:51:05 GMT).


Acknowledgement sent to Raphael Hertzog <hertzog@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Craig Small <csmall@debian.org>. (Wed, 30 Aug 2017 13:51:05 GMT).


Message #5 received at submit@bugs.debian.org:

From: Raphael Hertzog <hertzog@debian.org>
To: submit@bugs.debian.org
Subject: ncurses: multiple vulnerabilities on tic, captoinfo, infotocap (CVE-2017-13728 to CVE-2017-13734)
Date: Wed, 30 Aug 2017 15:49:02 +0200
Source: ncurses
X-Debbugs-CC: team@security.debian.org secure-testing-team@lists.alioth.debian.org
Severity: important
Tags: security

Hi,

the following vulnerabilities were published for ncurses.

CVE-2017-13728[0]:
| There is an infinite loop in the next_char function in comp_scan.c in
| ncurses 6.0, related to libtic. A crafted input will lead to a remote
| denial of service attack.

CVE-2017-13729[1]:
| There is an illegal address access in the _nc_save_str function in
| alloc_entry.c in ncurses 6.0. It will lead to a remote denial of
| service attack.

CVE-2017-13730[2]:
| There is an illegal address access in the function
| _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead
| to a remote denial of service attack.

CVE-2017-13731[3]:
| There is an illegal address access in the function
| postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to
| a remote denial of service attack.

CVE-2017-13732[4]:
| There is an illegal address access in the function dump_uses() in
| progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of
| service attack.

CVE-2017-13733[5]:
| There is an illegal address access in the fmt_entry function in
| progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of
| service attack.

CVE-2017-13734[6]:
| There is an illegal address access in the _nc_safe_strcat function in
| strings.c in ncurses 6.0 that will lead to a remote denial of service
| attack.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-13728
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13728
[1] https://security-tracker.debian.org/tracker/CVE-2017-13729
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13729
[2] https://security-tracker.debian.org/tracker/CVE-2017-13730
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13730
[3] https://security-tracker.debian.org/tracker/CVE-2017-13731
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13731
[4] https://security-tracker.debian.org/tracker/CVE-2017-13732
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13732
[5] https://security-tracker.debian.org/tracker/CVE-2017-13733
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13733
[6] https://security-tracker.debian.org/tracker/CVE-2017-13734
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13734

Please adjust the affected versions in the BTS as needed.

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: https://www.freexian.com/services/debian-lts.html
Learn to master Debian: https://debian-handbook.info/get/



Added tag(s) upstream. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Wed, 30 Aug 2017 14:03:16 GMT).


Information forwarded to debian-bugs-dist@lists.debian.org, Craig Small <csmall@debian.org>:
Bug#873723; Package src:ncurses. (Wed, 30 Aug 2017 16:21:03 GMT).


Acknowledgement sent to Sven Joachim <svenjoac@gmx.de>:
Extra info received and forwarded to list. Copy sent to Craig Small <csmall@debian.org>. (Wed, 30 Aug 2017 16:21:03 GMT).


Message #12 received at 873723@bugs.debian.org:

From: Sven Joachim <svenjoac@gmx.de>
To: Raphael Hertzog <hertzog@debian.org>
Cc: 873723@bugs.debian.org
Subject: Re: Bug#873723: ncurses: multiple vulnerabilities on tic, captoinfo, infotocap (CVE-2017-13728 to CVE-2017-13734)
Date: Wed, 30 Aug 2017 18:17:40 +0200
Control: clone -1 -2
Control: retitle -2 ncurses: CVE-2017-13733

On 2017-08-30 15:49 +0200, Raphael Hertzog wrote:

> Source: ncurses
> X-Debbugs-CC: team@security.debian.org secure-testing-team@lists.alioth.debian.org
> Severity: important
> Tags: security
>
> Hi,
>
> the following vulnerabilities were published for ncurses.
>
> CVE-2017-13728[0]:
> | There is an infinite loop in the next_char function in comp_scan.c in
> | ncurses 6.0, related to libtic. A crafted input will lead to a remote
> | denial of service attack.
>
> CVE-2017-13729[1]:
> | There is an illegal address access in the _nc_save_str function in
> | alloc_entry.c in ncurses 6.0. It will lead to a remote denial of
> | service attack.
>
> CVE-2017-13730[2]:
> | There is an illegal address access in the function
> | _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead
> | to a remote denial of service attack.
>
> CVE-2017-13731[3]:
> | There is an illegal address access in the function
> | postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to
> | a remote denial of service attack.
>
> CVE-2017-13732[4]:
> | There is an illegal address access in the function dump_uses() in
> | progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of
> | service attack.
>
> CVE-2017-13733[5]:
> | There is an illegal address access in the fmt_entry function in
> | progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of
> | service attack.
>
> CVE-2017-13734[6]:
> | There is an illegal address access in the _nc_safe_strcat function in
> | strings.c in ncurses 6.0 that will lead to a remote denial of service
> | attack.

All but CVE-2017-13733 have been fixed in the latest upstream patchlevel
for which I have already prepared a release, cloning the bug to track
that one separately.

> If you fix the vulnerabilities please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

Already done[1].

Cheers,
       Sven


1. https://anonscm.debian.org/cgit/collab-maint/ncurses.git/commit/?id=45ee200645d5f299be580db4aeb2a4b5c817301a



Bug 873723 cloned as bug 873746 Request was from Sven Joachim <svenjoac@gmx.de> to 873723-submit@bugs.debian.org. (Wed, 30 Aug 2017 16:21:03 GMT).


Changed Bug title to 'ncurses: CVE-2017-13733' from 'ncurses: multiple vulnerabilities on tic, captoinfo, infotocap (CVE-2017-13728 to CVE-2017-13734)'. Request was from Sven Joachim <svenjoac@gmx.de> to 873723-submit@bugs.debian.org. (Wed, 30 Aug 2017 16:21:04 GMT).


Marked as found in versions ncurses/6.0+20170715-2. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Wed, 30 Aug 2017 19:27:05 GMT).


Information forwarded to debian-bugs-dist@lists.debian.org, Craig Small <csmall@debian.org>:
Bug#873746; Package src:ncurses. (Fri, 01 Sep 2017 18:54:26 GMT).


Acknowledgement sent to Sven Joachim <svenjoac@gmx.de>:
Extra info received and forwarded to list. Copy sent to Craig Small <csmall@debian.org>. (Fri, 01 Sep 2017 18:54:26 GMT).


Message #23 received at 873746@bugs.debian.org:

From: Sven Joachim <svenjoac@gmx.de>
To: 873746@bugs.debian.org
Subject: crash backtrace
Date: Fri, 01 Sep 2017 20:53:29 +0200
For the reference, this bug has been reported originally at
https://bugzilla.redhat.com/show_bug.cgi?id=1484290.  Thomas said he
could not reproduce it, but the crash happens with the current version
in unstable.

Here is a backtrace from "infotocap POC12" after rebuilding tic with
-O0, so that the variables are not all optimized out:

,----
| Reading symbols from infotocap...done.
| (gdb) set args POC12
| (gdb) run
| Starting program: /usr/local/src/deb-src/ncurses/ncurses/obj/progs/infotocap POC12 
| 
| Program received signal SIGSEGV, Segmentation fault.
| __strcmp_ssse3 () at ../sysdeps/i386/i686/multiarch/strcmp-ssse3.S:241
| 241	../sysdeps/i386/i686/multiarch/strcmp-ssse3.S: Datei oder Verzeichnis nicht gefunden.
| (gdb) bt full
| #0  __strcmp_ssse3 () at ../sysdeps/i386/i686/multiarch/strcmp-ssse3.S:241
| No locals.
| #1  0x565602cd in fmt_entry (tterm=0x56577c40, pred=0x5655e9e9 <dump_predicate>, content_only=0, suppress_untranslatable=0, infodump=0, numbers=0) at ../../progs/dump_entry.c:996
|         i = 7
|         j = 39
|         buffer = '\000' <repeats 4113 times>...
|         capability = 0x0
|         name = 0xf7fb0627 "ws"
|         predval = -1
|         len = 14
|         num_bools = 0
|         num_values = 0
|         num_strings = 0
|         outcount = false
| #2  0x5656188d in dump_entry (tterm=0x56577c40, suppress_untranslatable=0, limited=1, numbers=0, pred=0x0) at ../../progs/dump_entry.c:1513
|         save_tterm = {term_names = 0x0, str_table = 0x0, Booleans = 0x0, Numbers = 0x0, Strings = 0x0, ext_str_table = 0x0, ext_Names = 0x0, num_Booleans = 0, num_Numbers = 0, num_Strings = 0, ext_Booleans = 0, ext_Numbers = 0, ext_Strings = 0}
|         len = 0
|         critlen = 1023
|         legend = 0x56567862 "older termcap"
|         infodump = false
| #3  0x56558ceb in main (argc=2, argv=0xffffd324) at ../../progs/tic.c:1037
|         j = -1
|         len = 0
|         my_tmpname = '\000' <repeats 4095 times>
|         my_altfile = '\000' <repeats 1841 times>...
|         v_opt = -1
|         debug_level = 0
|         smart_defaults = 1
|         termcap = 0x0
|         qp = 0x56577c40
|         this_opt = -1
|         last_opt = 63
|         outform = 2
|         sortmode = 4
|         width = 60
|         height = 65535
|         formatted = false
|         literal = false
|         numbers = 0
|         forceresolve = false
|         limited = true
|         tversion = 0x0
|         source_file = 0xffffd509 "POC12"
|         outdir = 0x0
|         check_only = false
|         suppress_untranslatable = false
|         quickdump = 0
|         quiet = false
|         wrap_strings = false
| (gdb)
`----

The POC12 file is attached.

[POC12 (application/octet-stream, attachment)]
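
The backtrace above ends in strcmp() called from fmt_entry(), and the changelog entry later in this log describes the fix as handling a cancelled reset string. The following C sketch is an added example, not ncurses code or the upstream patch: it assumes the terminfo convention of two sentinel pointers (named here after ncurses' ABSENT_STRING and CANCELLED_STRING), and the struct and function names are hypothetical.

```c
/* Added illustration, not ncurses source: every name below is hypothetical
 * except the two sentinel conventions, which mirror ncurses' ABSENT_STRING
 * and CANCELLED_STRING. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ABSENT_STRING    ((const char *)0)             /* capability not set */
#define CANCELLED_STRING ((const char *)(intptr_t)-1)  /* capability cancelled ("name@") */
#define VALID_STRING(s)  ((s) != ABSENT_STRING && (s) != CANCELLED_STRING)

/* Constructed stand-in for the string capabilities being compared. */
struct caps {
    const char *reset;   /* combined reset string */
    const char *init3;
    const char *reset2;
};

/* Guard that only excludes the NULL sentinel. Returns 1 when it would let
 * strcmp() run; this function itself never dereferences its arguments. */
static int weak_guard(const char *a, const char *b)
{
    return a != ABSENT_STRING && b != ABSENT_STRING;
}

/* Guard that excludes both sentinels before any dereference. */
static int strict_guard(const char *a, const char *b)
{
    return VALID_STRING(a) && VALID_STRING(b);
}

/* Sentinel-aware equality: absent or cancelled values never compare equal. */
static int same_cap(const char *a, const char *b)
{
    return strict_guard(a, b) && strcmp(a, b) == 0;
}

/* Drop init3/reset2 when they merely repeat the reset string.
 * Returns how many capabilities were discarded. */
static int discard_repeats(struct caps *c)
{
    int dropped = 0;

    if (same_cap(c->init3, c->reset)) {
        c->init3 = ABSENT_STRING;
        dropped++;
    }
    if (same_cap(c->reset2, c->reset)) {
        c->reset2 = ABSENT_STRING;
        dropped++;
    }
    return dropped;
}

int main(void)
{
    /* Constructed inputs: one ordinary entry, one with a cancelled reset. */
    struct caps normal    = { "\033c", "\033c", "\033[!p" };
    struct caps cancelled = { CANCELLED_STRING, "\033c", "\033[!p" };

    printf("weak guard, cancelled reset:   %d (strcmp would be reached)\n",
           weak_guard(cancelled.init3, cancelled.reset));
    printf("strict guard, cancelled reset: %d\n",
           strict_guard(cancelled.init3, cancelled.reset));
    printf("discarded (normal entry):      %d\n", discard_repeats(&normal));
    printf("discarded (cancelled reset):   %d\n", discard_repeats(&cancelled));
    return 0;
}
```

A guard that tests only for NULL lets the all-ones pointer through to strcmp(), which is the kind of access a SIGSEGV inside strcmp reports; checking both sentinels keeps the comparison from ever dereferencing a non-string.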

Information forwarded to debian-bugs-dist@lists.debian.org, Craig Small <csmall@debian.org>:
Bug#873746; Package src:ncurses. (Sat, 02 Sep 2017 21:45:02 GMT).


Acknowledgement sent to dickey@his.com:
Extra info received and forwarded to list. Copy sent to Craig Small <csmall@debian.org>. (Sat, 02 Sep 2017 21:45:02 GMT).


Message #28 received at 873746@bugs.debian.org:

From: Thomas Dickey <dickey@his.com>
To: Sven Joachim <svenjoac@gmx.de>, 873746@bugs.debian.org
Subject: Re: Bug#873746: crash backtrace
Date: Sat, 2 Sep 2017 17:33:27 -0400
On Fri, Sep 01, 2017 at 08:53:29PM +0200, Sven Joachim wrote:
> For the reference, this bug has been reported originally at
> https://bugzilla.redhat.com/show_bug.cgi?id=1484290.  Thomas said he
> could not reproduce it, but the crash happens with the current version
> in unstable.
> 
> Here is a backtrace from "infotocap POC12" after rebuilding tic with
> -O0, so that the variables are not all optimized out:

Reproducing it depends on the architecture and options (thanks for the
reminder: I was able to reproduce this using 32-bit Debian9 with the
options corresponding to the Debian package - needed both of those...)

-- 
Thomas E. Dickey <dickey@invisible-island.net>
http://invisible-island.net
ftp://ftp.invisible-island.net

Added tag(s) pending. Request was from Sven Joachim <svenjoac@gmx.de> to control@bugs.debian.org. (Sun, 03 Sep 2017 15:45:11 GMT).


Message sent on to Raphael Hertzog <hertzog@debian.org>:
Bug#873746. (Sun, 03 Sep 2017 15:45:13 GMT).


Message #33 received at 873746-submitter@bugs.debian.org:

From: Sven Joachim <svenjoac@gmx.de>
To: 873746-submitter@bugs.debian.org
Subject: Bug#873746 marked as pending
Date: Sun, 03 Sep 2017 15:43:17 +0000
tag 873746 pending
thanks

Hello,

Bug #873746 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:

    https://anonscm.debian.org/cgit/collab-maint/ncurses.git/commit/?id=ec59a31

---
commit ec59a31b157cf6fa1ab850bbacf3154634faab83
Author: Sven Joachim <svenjoac@gmx.de>
Date:   Sun Sep 3 17:41:49 2017 +0200

    Close bug #873746

diff --git a/debian/changelog b/debian/changelog
index 460b1c6..522da03 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,8 @@
 ncurses (6.0+20170902-1) UNRELEASED; urgency=medium
 
   * New upstream patchlevel.
+    - Modify check in fmt_entry() to handle a cancelled reset string
+      (CVE-2017-13733, Closes: #873746).
 
  -- Sven Joachim <svenjoac@gmx.de>  Sun, 03 Sep 2017 17:37:19 +0200
 
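Review bot: the two added lines under "New upstream patchlevel" credit a fmt_entry() fix that cannot be checked from this commit, because the diff changes only debian/changelog and the code arrives with the 6.0+20170902 upstream import. Consider naming the source file next to the function in the entry, so that someone auditing the changelog for CVE-2017-13733 knows where in the imported patchlevel to verify the modified check. The stanza is also still marked UNRELEASED, so the Closes: tag should be re-read when the distribution is set for upload.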



Reply sent to Sven Joachim <svenjoac@gmx.de>:
You have taken responsibility. (Sun, 03 Sep 2017 18:00:06 GMT).


Notification sent to Raphael Hertzog <hertzog@debian.org>:
Bug acknowledged by developer. (Sun, 03 Sep 2017 18:00:06 GMT).


Message #38 received at 873746-close@bugs.debian.org:

From: Sven Joachim <svenjoac@gmx.de>
To: 873746-close@bugs.debian.org
Subject: Bug#873746: fixed in ncurses 6.0+20170902-1
Date: Sun, 03 Sep 2017 17:56:21 +0000
Source: ncurses
Source-Version: 6.0+20170902-1

We believe that the bug you reported is fixed in the latest version of
ncurses, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 873746@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sven Joachim <svenjoac@gmx.de> (supplier of updated ncurses package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 03 Sep 2017 19:25:01 +0200
Source: ncurses
Binary: libtinfo5 libtinfo5-udeb libncurses5 libtinfo-dev libtinfo5-dbg libncurses5-dev libncurses5-dbg libncursesw5 libncursesw5-dev libncursesw5-dbg lib64ncurses5 lib64ncurses5-dev lib32ncurses5 lib32ncurses5-dev lib32ncursesw5 lib32ncursesw5-dev lib64tinfo5 lib32tinfo5 lib32tinfo-dev ncurses-bin ncurses-base ncurses-term ncurses-examples ncurses-doc
Architecture: source
Version: 6.0+20170902-1
Distribution: unstable
Urgency: medium
Maintainer: Craig Small <csmall@debian.org>
Changed-By: Sven Joachim <svenjoac@gmx.de>
Description:
 lib32ncurses5 - shared libraries for terminal handling (32-bit)
 lib32ncurses5-dev - developer's libraries for ncurses (32-bit)
 lib32ncursesw5 - shared libraries for terminal handling (wide character support) (
 lib32ncursesw5-dev - developer's libraries for ncursesw (32-bit)
 lib32tinfo-dev - developer's library for the low-level terminfo library (32-bit)
 lib32tinfo5 - shared low-level terminfo library for terminal handling (32-bit)
 lib64ncurses5 - shared libraries for terminal handling (64-bit)
 lib64ncurses5-dev - developer's libraries for ncurses (64-bit)
 lib64tinfo5 - shared low-level terminfo library for terminal handling (64-bit)
 libncurses5 - shared libraries for terminal handling
 libncurses5-dbg - debugging/profiling libraries for ncurses
 libncurses5-dev - developer's libraries for ncurses
 libncursesw5 - shared libraries for terminal handling (wide character support)
 libncursesw5-dbg - debugging/profiling libraries for ncursesw
 libncursesw5-dev - developer's libraries for ncursesw
 libtinfo-dev - developer's library for the low-level terminfo library
 libtinfo5  - shared low-level terminfo library for terminal handling
 libtinfo5-dbg - debugging/profiling library for the low-level terminfo library
 libtinfo5-udeb - shared low-level terminfo library for terminal handling - udeb (udeb)
 ncurses-base - basic terminal type definitions
 ncurses-bin - terminal-related programs and man pages
 ncurses-doc - developer's guide and documentation for ncurses
 ncurses-examples - test programs and examples for ncurses
 ncurses-term - additional terminal type definitions
Closes: 873746
Changes:
 ncurses (6.0+20170902-1) unstable; urgency=medium
 .
   * New upstream patchlevel.
     - Modify check in fmt_entry() to handle a cancelled reset string
       (CVE-2017-13733, Closes: #873746).





Marked as found in versions ncurses/6.0+20161126-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Thu, 07 Sep 2017 03:33:04 GMT).


Marked as found in versions ncurses/5.9+20140913-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Thu, 07 Sep 2017 03:36:05 GMT).


Reply sent to Sven Joachim <svenjoac@gmx.de>:
You have taken responsibility. (Thu, 28 Sep 2017 05:51:28 GMT).


Notification sent to Raphael Hertzog <hertzog@debian.org>:
Bug acknowledged by developer. (Thu, 28 Sep 2017 05:51:28 GMT).


Message #47 received at 873746-close@bugs.debian.org:

From: Sven Joachim <svenjoac@gmx.de>
To: 873746-close@bugs.debian.org
Subject: Bug#873746: fixed in ncurses 6.0+20161126-1+deb9u1
Date: Thu, 28 Sep 2017 05:47:12 +0000
Source: ncurses
Source-Version: 6.0+20161126-1+deb9u1

We believe that the bug you reported is fixed in the latest version of
ncurses, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 873746@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sven Joachim <svenjoac@gmx.de> (supplier of updated ncurses package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 07 Sep 2017 19:05:43 +0200
Source: ncurses
Binary: libtinfo5 libtinfo5-udeb libncurses5 libtinfo-dev libtinfo5-dbg libncurses5-dev libncurses5-dbg libncursesw5 libncursesw5-dev libncursesw5-dbg lib64ncurses5 lib64ncurses5-dev lib32ncurses5 lib32ncurses5-dev lib32ncursesw5 lib32ncursesw5-dev lib64tinfo5 lib32tinfo5 lib32tinfo-dev ncurses-bin ncurses-base ncurses-term ncurses-examples ncurses-doc
Architecture: source
Version: 6.0+20161126-1+deb9u1
Distribution: stretch
Urgency: medium
Maintainer: Craig Small <csmall@debian.org>
Changed-By: Sven Joachim <svenjoac@gmx.de>
Description:
 lib32ncurses5 - shared libraries for terminal handling (32-bit)
 lib32ncurses5-dev - developer's libraries for ncurses (32-bit)
 lib32ncursesw5 - shared libraries for terminal handling (wide character support) (
 lib32ncursesw5-dev - developer's libraries for ncursesw (32-bit)
 lib32tinfo-dev - developer's library for the low-level terminfo library (32-bit)
 lib32tinfo5 - shared low-level terminfo library for terminal handling (32-bit)
 lib64ncurses5 - shared libraries for terminal handling (64-bit)
 lib64ncurses5-dev - developer's libraries for ncurses (64-bit)
 lib64tinfo5 - shared low-level terminfo library for terminal handling (64-bit)
 libncurses5 - shared libraries for terminal handling
 libncurses5-dbg - debugging/profiling libraries for ncurses
 libncurses5-dev - developer's libraries for ncurses
 libncursesw5 - shared libraries for terminal handling (wide character support)
 libncursesw5-dbg - debugging/profiling libraries for ncursesw
 libncursesw5-dev - developer's libraries for ncursesw
 libtinfo-dev - developer's library for the low-level terminfo library
 libtinfo5  - shared low-level terminfo library for terminal handling
 libtinfo5-dbg - debugging/profiling library for the low-level terminfo library
 libtinfo5-udeb - shared low-level terminfo library for terminal handling - udeb (udeb)
 ncurses-base - basic terminal type definitions
 ncurses-bin - terminal-related programs and man pages
 ncurses-doc - developer's guide and documentation for ncurses
 ncurses-examples - test programs and examples for ncurses
 ncurses-term - additional terminal type definitions
Closes: 873723 873746
Changes:
 ncurses (6.0+20161126-1+deb9u1) stretch; urgency=medium
 .
   * Cherry-pick upstream fixes from the 20170701 and 20170708 patchlevels
     for various crash bugs in the tic library and the tic binary
     (CVE-2017-10684, CVE-2017-10685, CVE-2017-11112, CVE-2017-11113).
   * Backport termcap-format fix from the 20170715 patchlevel, repairing a
     regression from the above security fixes (see #868266).
   * Cherry-pick upstream fixes from the 20170826 patchlevel for more
     crash bugs in the tic library (CVE-2017-13728, CVE-2017-13729,
     CVE-2017-13730, CVE-2017-13731, CVE-2017-13732, CVE-2017-13734,
     Closes: #873723).
   * Cherry-pick upstream fixes from the 20170902 patchlevel to fix
     another crash bug in the tic program (CVE-2017-13733, Closes: #873746).





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 26 Oct 2017 07:27:24 GMT).




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 15:54:48 2019; Machine Name: beach
