Several vulnerabilities in the C libraries which python-casacore depends on. Could you help upgrade to patch versions?

[JoeGardner000]

Hi, @tammojan , @shibasisp , I'd like to report a vulnerability issue in python-casacore_3.4.0.

Dependency Graph between Python and Shared Libraries

Issue Description

As shown in the above dependency graph (Here shows part of the dependency graph, which depends on vulnerable shared libraries), python-casacore_3.4.0 directly or transitively depends on 37 C libraries (.so). However, I noticed that some C libraries are vulnerable, containing the following CVEs:
libcfitsio-16f89096.so.2.3.37from C project cfitsio(version:3.370) exposed 2 vulnerabilities:
CVE-2018-3848, CVE-2018-3849
libncurses-a6f90868.so.5.9 libtinfo-10270e32.so.5.9from C project ncurses(version:5.9) exposed 3 vulnerabilities:
CVE-2019-17595, CVE-2019-17594, CVE-2021-39537

Suggested Vulnerability Patch Versions

cfitsio has fixed the vulnerabilities in versions >=3.490
ncurses has fixed the vulnerabilities in versions >=6.3

Python build tools cannot report vulnerable C libraries, which may induce potential security issues to many downstream Python projects.
As a popular python package (python-casacore has 4,626 downloads per month), could you please upgrade the above shared libraries to their patch versions?

Thanks for your help~
Best regards,
Joe Gardner

[tammojan]

Thanks @JoeGardner000; we're planning to release python-casacore in the next few weeks, we'll make sure to update cfitsio and ncurses in the wheels.