In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack. Bug report: https://bugzilla.redhat.com/show_bug.cgi?id=1464692 Upstream patch: https://lists.gnu.org/archive/html/bug-ncurses/2017-07/msg00001.html
This issue is duplicate of CVE-2017-10684. *** This bug has been marked as a duplicate of bug 1473302 ***
Statement: Red Hat considers this issue as a duplicate of CVE-2017-10684.