new file mode 100644

@@ -0,0 +1,18 @@

+--- a/ncurses/tinfo/parse_entry.c	2018-07-17 19:44:55.333567209 +0530

+@@ -543,11 +543,12 @@

+ 		 * Otherwise, look for a base entry that will already

+ 		 * have picked up defaults via translation.

+ 		 */

+-		for (i = 0; i < entryp->nuses; i++)

+-		    if (!strchr((char *) entryp->uses[i].name, '+'))

++		for (i = 0; i < entryp->nuses; i++) {

++	           if (entryp->uses[i].name != 0

++	           && !strchr(entryp->uses[i].name, '+'))

+ 			has_base_entry = TRUE;

++	    	}

+ 	    }

+-

+ 	    postprocess_termcap(&entryp->tterm, has_base_entry);

+ 	} else

+ 	    postprocess_terminfo(&entryp->tterm);

@@ -1,7 +1,7 @@

 Summary:        Libraries for terminal handling of character screens

 Name:           ncurses

 Version:        6.0

-Release:        8%{?dist}

+Release:        9%{?dist}

 License:        MIT

 URL:            http://invisible-island.net/ncurses/

 Group:          Applications/System

@@ -11,6 +11,7 @@ Distribution:   Photon

 Source0:    ftp://ftp.invisible-island.net/ncurses/current/%{name}-%{version}-20171125.tgz

 %define sha1    ncurses=179d79d707ac5040499294e3206fd558d52b604a

 Provides:       libncurses.so.6()(64bit)

+Patch0:         CVE-2018-10754.patch

 %description

 The Ncurses package contains libraries for terminal-independent

 handling of character screens.

@@ -32,6 +33,7 @@ Provides:   pkgconfig(ncurses)

 It contains the libraries and header files to create applications 

 %prep

 %setup -q -n %{name}-%{version}-%{ncursessubversion}

+%patch0 -p1

 %build

 mkdir v6

@@ -155,6 +157,8 @@ ln -sv %{_lib}/libncursesw.so.5.9 %{buildroot}%{_libdir}/libncurses.so.5

 %{_libdir}/libpanel.so

 %{_libdir}/libmenu.so

 %changelog

+*   Tue Jul 17 2018 Tapas Kundu <tkundu@vmware.com> 6.0-9

+-   Fix for CVE-2018-10754

 *   Wed Dec 06 2017 Xiaolin Li <xiaolinl@vmware.com> 6.0-8

 -   version bump to 20171125, fix CVE-2017-16879

 *   Tue Oct 17 2017 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 6.0-7