diff --git a/main/ncurses/APKBUILD b/main/ncurses/APKBUILD
index 5bc19c45858..45f67367fd6 100644
--- a/main/ncurses/APKBUILD
+++ b/main/ncurses/APKBUILD
@@ -2,7 +2,8 @@
 pkgname=ncurses
 pkgver=6.2_p20210612
 _ver=${pkgver/_p/-}
-pkgrel=0
+_mirror_commit=a50b059f71e787a32e396c0e5b40cee4230c997e
+pkgrel=1
 pkgdesc="Console display library"
 url="https://invisible-island.net/ncurses/"
 arch="all"
@@ -11,10 +12,14 @@ license="MIT"
 makedepends_build="ncurses"
 subpackages="$pkgname-static $pkgname-dev $pkgname-doc $pkgname-libs
 $pkgname-terminfo-base:base:noarch $pkgname-terminfo:terminfo:noarch"
-source="https://invisible-mirror.net/archives/ncurses/current/ncurses-$_ver.tgz"
-builddir="$srcdir"/ncurses-$_ver
+source="$pkgname-$pkgver.tar.gz::https://github.com/mirror/ncurses/archive/$_mirror_commit.tar.gz
+ CVE-2022-29458.patch
+ "
+builddir="$srcdir"/ncurses-$_mirror_commit
 
 # secfixes:
+# 6.2_p20210612-r1:
+# - CVE-2022-29458
 # 6.2_p20200530-r0:
 # - CVE-2021-39537
 # 6.1_p20180414-r0:
@@ -113,5 +118,6 @@ static() {
 }
 
 sha512sums="
-f86a1c145dab554d8fa0c9ecc53ee9382e7c77b3b0d7011a9f5310d4ad700cecdfe80f2f2196ed365700f0eb21e333a8e62ae39c28cfd16570a045036dc7eff7 ncurses-6.2-20210612.tgz
+c0c0d61cf521918678de271fdbfe9d7cd6d25ef85e6c9b13bfe0954426fa936744789a94ea8ccb4b71208a25e2622a3de7c24e929b4aaa0aacfc7a2735022487 ncurses-6.2_p20210612.tar.gz
+b7904866af8afc7a163151a803ca506981d87f58ce9a720a28c27aa6fa1ac1cf43dad8916a8265779ff2253d2dbacb2793733cadf44dbe10f6cf894944042708 CVE-2022-29458.patch
 "
diff --git a/main/ncurses/CVE-2022-29458.patch b/main/ncurses/CVE-2022-29458.patch
new file mode 100644
index 00000000000..9481a99a310
--- /dev/null
+++ b/main/ncurses/CVE-2022-29458.patch
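Review bot: The replacement `source=` line in the second hunk moves the snapshot from the upstream invisible-mirror.net archive to the third-party github.com/mirror/ncurses archive, and nothing in the hunk records why the upstream URL was dropped or which upstream snapshot `_mirror_commit` is meant to equal, so the pinned commit plus the new sha512 are the only integrity anchor a later maintainer has. Record the mapping and the reason next to the variable, e.g. `# github.com/mirror/ncurses commit corresponding to the ncurses-$_ver snapshot; replaces the upstream 'current' archive URL (presumably no longer serving this snapshot - confirm)`, so a future rebase can cross-check the mirror tarball against the upstream release rather than trusting the mirror alone. The `$pkgname-$pkgver.tar.gz::` prefix is what gives the archive the `ncurses-6.2_p20210612.tar.gz` name used in the third hunk's sha512sums entry; a short note saying the checksum was taken from a fresh download of the pinned commit would make that entry auditable too.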
@@ -0,0 +1,33 @@
+--- a/ncurses/tinfo/read_entry.c
++++ b/ncurses/tinfo/read_entry.c
+@@ -145,6 +145,7 @@ convert_strings(char *buf, char **Strings, int count, int size, char *table)
+ {
+ int i;
+ char *p;
++ bool corrupt = FALSE;
+ 
+ for (i = 0; i < count; i++) {
+ if (IS_NEG1(buf + 2 * i)) {
+@@ -154,8 +155,20 @@ convert_strings(char *buf, char **Strings, int count, int size, char *table)
+ } else if (MyNumber(buf + 2 * i) > size) {
+ Strings[i] = ABSENT_STRING;
+ } else {
+- Strings[i] = (MyNumber(buf + 2 * i) + table);
+- TR(TRACE_DATABASE, ("Strings[%d] = %s", i, _nc_visbuf(Strings[i])));
++ int nn = MyNumber(buf + 2 * i);
++ if (nn >= 0 && nn < size) {
++ Strings[i] = (nn + table);
++ TR(TRACE_DATABASE, ("Strings[%d] = %s", i,
++ _nc_visbuf(Strings[i])));
++ } else {
++ if (!corrupt) {
++ corrupt = TRUE;
++ TR(TRACE_DATABASE,
++ ("ignore out-of-range index %d to Strings[]", nn));
++ _nc_warning("corrupt data found in convert_strings");
++ }
++ Strings[i] = ABSENT_STRING;
++ }
+ }
+ 
+ /* make sure all strings are NUL terminated */
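Review bot: In the second hunk of the vendored patch the new guard `if (nn >= 0 && nn < size)` does not agree with the outer `else if (MyNumber(buf + 2 * i) > size)` on the preceding context line: an offset equal to `size` now reaches the corrupt branch and emits `_nc_warning`, while offsets above `size` are still silently mapped to ABSENT_STRING by the outer test, and MyNumber is evaluated twice per entry. This is presumably how upstream wrote the fix and the copy should stay byte-identical to its origin, so the thing to add is provenance in the patch file itself: a header above `--- a/ncurses/tinfo/read_entry.c` such as `Patch-Source: <upstream ncurses snapshot or commit - fill in>` plus a one-line description that it rejects negative and out-of-range string-table offsets read from a terminfo entry, so a future rebase can re-verify the patch against upstream rather than against this copy. Note that `nn + table` is only in bounds if `size` is the allocated length of the string table, which is established outside the hunk; `convert_strings` begins before the first hunk and continues after the second.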