id	summary	reporter	owner	description	type	status	priority	milestone	component	version	severity	resolution	keywords	cc
5416	ncurses-6.4-20230520 (fix CVE-2023-29491)	Xi Ruoyao	Xi Ruoyao	"ncurses before 6.4 20230408, when used by a setuid  application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.

In BLFS screen is a setuid executable and it uses ncurses, so we need update ncurses to a fixed version.  Arch and Fedora are using 6.4-20230520, which can be downloaded from https://ncurses.scripts.mit.edu/?p=ncurses.git;a=snapshot;h=e762b1bf39c1080e4155e0a592f22452130bdfc6;sf=tgz but we need to repackage it & upload to anduin."	enhancement	closed	high	12.1	Book	git	normal	fixed