[Secure-testing-commits] r38066 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Thu Dec 3 05:16:23 UTC 2015


Author: carnil
Date: 2015-12-03 05:16:23 +0000 (Thu, 03 Dec 2015)
New Revision: 38066

Modified:
   data/CVE/list
Log:
CVE-2015-8384 clarified, same commit two issues

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-12-02 22:33:07 UTC (rev 38065)
+++ data/CVE/list	2015-12-03 05:16:23 UTC (rev 38066)
@@ -6980,11 +6980,15 @@
 	NOTE: Fixed in 8.38
 	NOTE: http://vcs.pcre.org/pcre?view=revision&revision=1559
 CVE-2015-8384 (PCRE before 8.38 mishandles the /(?J)(?'d'(?'d'\g{d}))/ pattern and ...)
-	- pcre3 <unfixed>
+	- pcre3 2:8.35-7.2
+	[jessie] - pcre3 <no-dsa>  (Minor issue)
+	[wheezy] - pcre3 <not-affected> (Vulnerable code introduced later)
+	[squeeze] - pcre3 <not-affected> (Vulnerable code introduced later)
+	NOTE: https://bugs.exim.org/show_bug.cgi?id=1636
 	NOTE: related issue to CVE-2015-8392 and CVE-2015-8395
 	NOTE: Fixed in 8.38
-	NOTE: http://vcs.pcre.org/pcre?view=revision&revision=1558
-	TODO: check, possibly a duplicate of CVE-2015-3210, check with MITRE, asked on oss-security
+	NOTE: Fixed by http://vcs.pcre.org/pcre?view=revision&revision=1558
+	NOTE: Same fixing commit ad CVE-2015-3210 but different issues
 CVE-2015-8383 (PCRE before 8.38 mishandles certain repeated conditional groups, which ...)
 	- pcre3 <unfixed>
 	[jessie] - pcre3 <no-dsa> (Minor issue)




More information about the Secure-testing-commits mailing list