[Secure-testing-commits] r38070 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Thu Dec 3 06:00:16 UTC 2015


Author: carnil
Date: 2015-12-03 06:00:16 +0000 (Thu, 03 Dec 2015)
New Revision: 38070

Modified:
   data/CVE/list
Log:
Update CVE-2015-8389/pcre3

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-12-03 05:32:05 UTC (rev 38069)
+++ data/CVE/list	2015-12-03 06:00:16 UTC (rev 38070)
@@ -6950,9 +6950,12 @@
 	TODO: check
 CVE-2015-8389 (PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related ...)
 	- pcre3 <unfixed>
+	[jessie] - pcre3 <no-dsa> (Minor issue, --enable-jit not set during build anyway)
+	[wheezy] - pcre3 <not-affected> (Vulnerable code not present)
+	[squeeze] - pcre3 <not-affected> (Vulnerable code not present)
 	NOTE: Fixed in 8.38
 	NOTE: http://vcs.pcre.org/pcre?view=revision&revision=1577
-	TODO: check
+	NOTE: Only after r1577 looks like there is another new issue (stack-buffer-underflow, READ of size 4 when running PoC)
 CVE-2015-8388 (PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and ...)
 	- pcre3 2:8.35-7
 	[jessie] - pcre3 <no-dsa> (Minor issue)
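
Review bot: The NOTE that replaces "TODO: check" under CVE-2015-8389 is ambiguous. "Only after r1577 looks like there is another new issue" can be read either as a regression introduced by r1577 or as a separate bug that only becomes visible once r1577 is applied. The entry still carries "- pcre3 <unfixed>", so whoever backports r1577 needs to know which reading is meant. Suggest rewording the NOTE to say on which tree the stack-buffer-underflow (READ of size 4) was observed with the PoC, and keeping a TODO until that second issue is reported upstream or gets its own entry. Separately, the jessie <no-dsa> reason depends on --enable-jit not being set, while the wheezy and squeeze lines say only "Vulnerable code not present". A NOTE stating that the issue is confined to JIT compilation, if that is the case, and from which version the affected code exists, would let the three triage lines be checked against each other.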



