Ubuntu CVE Tracker

CVE-2017-11112 discrepancy in the information available in changelogs and in Ubuntu CVE tracker

Bug #1827007 reported by Pooja on 2019-04-30

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Ubuntu CVE Tracker	Fix Released	Undecided	Unassigned

Bug Description

CVE-2017-11112 is fixed as per bionic changelogs https://launchpad.net/ubuntu/bionic/+source/ncurses/+changelog but the CVE tracker link states the fix is needed https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-11112.html (which I believe means that the latest version of the package available on 18.04 and 18.10 are still vulnerable)

Can you please clarify as to whether the latest version of the package available on Ubuntu 18.04 and 18.10 do have the necessary fix? If yes, then why is the tracker link showing different information.

Pooja (spooja) on 2019-04-30

summary:	CVE-2017-11112 discrepancy in the information available in changelogs - and in CVE trackers + and in Ubunt CVE tracker
summary:	CVE-2017-11112 discrepancy in the information available in changelogs - and in Ubunt CVE tracker + and in Ubuntu CVE tracker

Revision history for this message

Steve Beattie (sbeattie) wrote on 2019-05-21:

Thanks and sorry for the delay. I've gone ahead and verified that the issue is fixed in 18.04 and newer for this issue as well as retriaged the other open ncurses issues, and committed the updated status in commit https://git.launchpad.net/ubuntu-cve-tracker/commit/?id=34df42f8af0dfe4805fe3309fc252e7c258097cd . These changes should visible from the web version of the tracker within an hour.

Changed in ubuntu-cve-tracker:
status:	New → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.