[Secure-testing-commits] r38032 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Wed Dec 2 05:54:44 UTC 2015
Author: carnil
Date: 2015-12-02 05:54:44 +0000 (Wed, 02 Dec 2015)
New Revision: 38032
Modified:
data/CVE/list
Log:
More pcre3 issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-12-02 05:44:56 UTC (rev 38031)
+++ data/CVE/list 2015-12-02 05:54:44 UTC (rev 38032)
@@ -6836,6 +6836,40 @@
RESERVED
CVE-2015-5703 (SQL injection vulnerability in the public key discovery API call in ...)
TODO: check
+CVE-2015-8395 [mishandles certain references, allowing denial of service or possibly have unspecified other impact via a crafted regular expression]
+ - pcre3 <unfixed>
+ NOTE: Fixed in 8.38
+ NOTE: related issue to CVE-2015-8384 and CVE-2015-8392
+ TODO: check
+CVE-2015-8394 [mishandles the (?(<digits>) and (?(R<digits>) conditions]
+ - pcre3 <unfixed>
+ NOTE: Fixed in 8.38
+ TODO: check
+CVE-2015-8393 [pcregrep mishandles the -q option for binary files]
+ - pcre3 <unfixed>
+ NOTE: Fixed in 8.38
+ TODO: check
+CVE-2015-8392 [mishandles certain instances of the (?| substring]
+ - pcre3 <unfixed>
+ NOTE: Fixed in 8.38
+ NOTE: related issue to CVE-2015-8384 and CVE-2015-8395
+ TODO: check
+CVE-2015-8391 [pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting]
+ - pcre3 <unfixed>
+ NOTE: Fixed in 8.38
+ TODO: check
+CVE-2015-8390 [mishandles the [: and \\ substrings in character classes]
+ - pcre3 <unfixed>
+ NOTE: Fixed in 8.38
+ TODO: check
+CVE-2015-8389 [mishandles the /(?:|a|){100}x/ pattern and related patterns]
+ - pcre3 <unfixed>
+ NOTE: Fixed in 8.38
+ TODO: check
+CVE-2015-8388 [mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis]
+ - pcre3 <unfixed>
+ NOTE: Fixed in 8.38
+ TODO: check
CVE-2015-8387 [mishandles (?123) subroutine calls and related subroutine calls]
- pcre3 <unfixed>
NOTE: Fixed in 8.38
More information about the Secure-testing-commits
mailing list