[Secure-testing-commits] r38062 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Wed Dec 2 21:16:45 UTC 2015
Author: carnil
Date: 2015-12-02 21:16:45 +0000 (Wed, 02 Dec 2015)
New Revision: 38062
Modified:
data/CVE/list
Log:
Update information for CVE-2015-8386/pcre3
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-12-02 21:10:16 UTC (rev 38061)
+++ data/CVE/list 2015-12-02 21:16:45 UTC (rev 38062)
@@ -6965,10 +6965,14 @@
TODO: check
CVE-2015-8386 (PCRE before 8.38 mishandles the interaction of lookbehind assertions ...)
- pcre3 <unfixed>
+ [jessie] - pcre3 <no-dsa> (Minor issue)
+ [wheezy] - pcre3 <not-affected> (Vulnerable code introduced later)
+ [squeeze] - pcre3 <not-affected> (Vulnerable code introduced later)
NOTE: Fixed in 8.38
- NOTE: http://vcs.pcre.org/pcre?view=revision&revision=1560
- TODO: check
-CVE-2015-8385 (PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and ...)
+ NOTE: Fixed by: http://vcs.pcre.org/pcre?view=revision&revision=1560
+ NOTE: Reproducer fails starting from at least http://vcs.pcre.org/pcre?view=revision&revision=1379
+ NOTE: but the patched code is as well already present in wheezy at least.
+CVE-2015-8385 [mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references]
- pcre3 <unfixed>
[jessie] - pcre3 <no-dsa> (Minor issue)
[wheezy] - pcre3 <no-dsa> (Minor issue)
More information about the Secure-testing-commits
mailing list