[Debian-med-packaging] Bug#778397: Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability
tille at debian.org
Sat Feb 14 17:06:33 UTC 2015
I can confirm that the problem affects testing and unstable. The
package is not in stable. I have commited a patch in SVN:
Upstream is in CC of this mail so I'll set "Forwarded:" to the patch. I
can upload in less than 24 hours if you acknowledge.
On Sat, Feb 14, 2015 at 03:29:37PM +0100, Luciano Bello wrote:
> Package: librcsb-core-wrapper
> Severity: important
> Tags: security patch
> The security team received a report from the CERT Coordination Center that the
> Henry Spencer regular expressions (regex) library contains a heap overflow
> vulnerability. It looks like this package includes the affected code at that's
> the reason of this bug report.
> The patch is available here:
> Please, can you confirm if the binary packages are affected? Are stable and
> testing affected?
> More information, here:
> A CVE id has been requested already and the report will be updated with it
> Cheers, luciano
> Debian-med-packaging mailing list
> Debian-med-packaging at lists.alioth.debian.org
More information about the Debian-med-packaging