[Secure-testing-commits] r38060 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Wed Dec 2 20:48:56 UTC 2015
Author: carnil
Date: 2015-12-02 20:48:56 +0000 (Wed, 02 Dec 2015)
New Revision: 38060
Modified:
data/CVE/list
Log:
Mark CVE-2015-8385 as no-dsa for wheezy and jessie
Note for reviewers: I have not done so for squeeze-lts, since not
checked that version if vulnerability is present. Depending on that
should probably be as well no-dsa or not-affected if not present.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-12-02 20:35:05 UTC (rev 38059)
+++ data/CVE/list 2015-12-02 20:48:56 UTC (rev 38060)
@@ -6968,9 +6968,10 @@
TODO: check
CVE-2015-8385 [mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references]
- pcre3 <unfixed>
+ [jessie] - pcre3 <no-dsa> (Minor issue)
+ [wheezy] - pcre3 <no-dsa> (Minor issue)
NOTE: Fixed in 8.38
NOTE: http://vcs.pcre.org/pcre?view=revision&revision=1559
- TODO: check
CVE-2015-8384 [mishandles the /(?J)(?'d'(?'d'\g{d}))/ pattern and related patterns with certain recursive back references]
- pcre3 <unfixed>
NOTE: related issue to CVE-2015-8392 and CVE-2015-8395
More information about the Secure-testing-commits
mailing list