[Secure-testing-commits] r38071 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Thu Dec 3 06:06:17 UTC 2015


Author: carnil
Date: 2015-12-03 06:06:17 +0000 (Thu, 03 Dec 2015)
New Revision: 38071

Modified:
   data/CVE/list
Log:
Update information for CVE-2015-8389/pcre3, add annotation when issue introduced

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-12-03 06:00:16 UTC (rev 38070)
+++ data/CVE/list	2015-12-03 06:06:17 UTC (rev 38071)
@@ -6954,7 +6954,8 @@
 	[wheezy] - pcre3 <not-affected> (Vulnerable code not present)
 	[squeeze] - pcre3 <not-affected> (Vulnerable code not present)
 	NOTE: Fixed in 8.38
-	NOTE: http://vcs.pcre.org/pcre?view=revision&revision=1577
+	NOTE: Fixed by: http://vcs.pcre.org/pcre?view=revision&revision=1577
+	NOTE: First bad commit: http://vcs.pcre.org/pcre?view=revision&revision=1440
 	NOTE: Only after r1577 looks like there is another new issue (stack-buffer-underflow, READ of size 4 when running PoC)
 CVE-2015-8388 (PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and ...)
 	- pcre3 2:8.35-7




More information about the Secure-testing-commits mailing list