An update for ncurses is now available for HCE 1.1

HCE1-SA-2023-0050 An update for ncurses is now available for HCE 1.1 Critical HCE 1.1 Security Fix(es): There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. A crafted input will lead to a remote denial of service attack. (CVE-2017-13728) There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack. (CVE-2017-13732) There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack. (CVE-2017-13730) There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack. (CVE-2017-13731) There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012. (CVE-2019-17595) There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012. (CVE-2019-17594) ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. (CVE-2018-10754) There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. It will lead to a remote denial of service attack. (CVE-2017-13729) There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack. (CVE-2017-13734) In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack. (CVE-2017-10684) ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library. (CVE-2022-29458) In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack. (CVE-2017-10685) There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack. (CVE-2017-13733) HCE 1.1 ncurses-5.9-15.20130511.hce1c.x86_64.rpm ncurses-base-5.9-15.20130511.hce1c.noarch.rpm ncurses-devel-5.9-15.20130511.hce1c.x86_64.rpm ncurses-libs-5.9-15.20130511.hce1c.x86_64.rpm ncurses-term-5.9-15.20130511.hce1c.noarch.rpm