[Secure-testing-commits] r38029 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Wed Dec 2 05:36:03 UTC 2015


Author: carnil
Date: 2015-12-02 05:36:03 +0000 (Wed, 02 Dec 2015)
New Revision: 38029

Modified:
   data/CVE/list
Log:
CVE-2015-8381/pcre3 assigned

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-12-02 05:21:25 UTC (rev 38028)
+++ data/CVE/list	2015-12-02 05:36:03 UTC (rev 38029)
@@ -179,6 +179,18 @@
 	[squeeze] - libiptables-parse-perl <no-dsa> (Minor issue)
 	NOTE: https://github.com/mtrmac/IPTables-Parse/commit/b400b976d81140f6971132e94eb7657b5b0a2b87
 	NOTE: http://www.openwall.com/lists/oss-security/2015/11/24/6
+CVE-2015-8381 [compile_regex function in pcre_compile.c in PCRE before 8.38]
+	- pcre3 <unfixed> (bug #796762; bug #795539)
+	[jessie] - pcre3 <no-dsa> (Minor issue)
+	[wheezy] - pcre3 <not-affected> (Vulnerable code introduced later)
+	[squeeze] - pcre3 <not-affected> (Vulnerable code introduced later)
+	NOTE: https://bugs.exim.org/show_bug.cgi?id=1672
+	NOTE: http://vcs.pcre.org/pcre?view=revision&revision=1594
+	NOTE: http://www.openwall.com/lists/oss-security/2015/08/24/1
+	NOTE: https://bugs.exim.org/show_bug.cgi?id=1667
+	NOTE: http://www.openwall.com/lists/oss-security/2015/08/05/3
+	NOTE: http://vcs.pcre.org/pcre?view=revision&revision=1585
+	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1250943
 CVE-2015-8380 [heap overflow in pcre_exec]
 	- pcre3 <unfixed> (bug #806467)
 	[jessie] - pcre3 <no-dsa> (Minor issue)
@@ -4874,14 +4886,6 @@
 	- activemq 5.6.0+dfsg1-4 (low)
 	[wheezy] - activemq 5.6.0+dfsg-1+deb7u1
 	NOTE: http://activemq.apache.org/security-advisories.data/CVE-2014-3612-announcement.txt
-CVE-2015-XXXX [PCRE Library Heap Overflow in compile_regex()]
-	- pcre3 <unfixed> (bug #796762)
-	[jessie] - pcre3 <no-dsa> (Minor issue)
-	[wheezy] - pcre3 <not-affected> (Vulnerable code introduced later)
-	[squeeze] - pcre3 <not-affected> (Vulnerable code introduced later)
-	NOTE: https://bugs.exim.org/show_bug.cgi?id=1672
-	NOTE: http://vcs.pcre.org/pcre?view=revision&revision=1594
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/08/24/1
 CVE-2015-6523 (Cross-site request forgery (CSRF) vulnerability in the Portfolio ...)
 	NOT-FOR-US: Portfolio plugin for WordPress
 CVE-2015-6522 (SQL injection vulnerability in the WP Symposium plugin before 15.8 for ...)
@@ -6737,15 +6741,6 @@
 	RESERVED
 CVE-2014-9742
 	RESERVED
-CVE-2015-XXXX [PCRE Library Heap Overflow Vulnerability]
-	- pcre3 <unfixed> (bug #795539)
-	[jessie] - pcre3 <no-dsa> (Minor issue)
-	[wheezy] - pcre3 <not-affected> (Vulnerable code possibly only introduced in 8.34 refactoring, r1359)
-	[squeeze] - pcre3 <not-affected> (Vulnerable code possibly only introduced in 8.34 refactoring, r1359)
-	NOTE: https://bugs.exim.org/show_bug.cgi?id=1667
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/08/05/3
-	NOTE: http://vcs.pcre.org/pcre?view=revision&revision=1585
-	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1250943
 CVE-2015-5741 [other discoveries of security-relevant RFC 7230 violations]
 	RESERVED
 	- golang 2:1.4.2-4 (bug #795106)




More information about the Secure-testing-commits mailing list