[Secure-testing-commits] r38032 - data/CVE

[Salvatore Bonaccorso]

Author: carnil
Date: 2015-12-02 05:54:44 +0000 (Wed, 02 Dec 2015)
New Revision: 38032

Modified:
   data/CVE/list
Log:
More pcre3 issues

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-12-02 05:44:56 UTC (rev 38031)
+++ data/CVE/list	2015-12-02 05:54:44 UTC (rev 38032)
@@ -6836,6 +6836,40 @@
 	RESERVED
 CVE-2015-5703 (SQL injection vulnerability in the public key discovery API call in ...)
 	TODO: check
+CVE-2015-8395 [mishandles certain references, allowing denial of service or possibly have unspecified other impact via a crafted regular expression]
+	- pcre3 <unfixed>
+	NOTE: Fixed in 8.38
+	NOTE: related issue to CVE-2015-8384 and CVE-2015-8392
+	TODO: check
+CVE-2015-8394 [mishandles the (?(<digits>) and (?(R<digits>) conditions]
+	- pcre3 <unfixed>
+	NOTE: Fixed in 8.38
+	TODO: check
+CVE-2015-8393 [pcregrep mishandles the -q option for binary files]
+	- pcre3 <unfixed>
+	NOTE: Fixed in 8.38
+	TODO: check
+CVE-2015-8392 [mishandles certain instances of the (?| substring]
+	- pcre3 <unfixed>
+	NOTE: Fixed in 8.38
+	NOTE: related issue to CVE-2015-8384 and CVE-2015-8395
+	TODO: check
+CVE-2015-8391 [pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting]
+	- pcre3 <unfixed>
+	NOTE: Fixed in 8.38
+	TODO: check
+CVE-2015-8390 [mishandles the [: and \\ substrings in character classes]
+	- pcre3 <unfixed>
+	NOTE: Fixed in 8.38
+	TODO: check
+CVE-2015-8389 [mishandles the /(?:|a|){100}x/ pattern and related patterns]
+	- pcre3 <unfixed>
+	NOTE: Fixed in 8.38
+	TODO: check
+CVE-2015-8388 [mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis]
+	- pcre3 <unfixed>
+	NOTE: Fixed in 8.38
+	TODO: check
 CVE-2015-8387 [mishandles (?123) subroutine calls and related subroutine calls]
 	- pcre3 <unfixed>
 	NOTE: Fixed in 8.38