[Secure-testing-commits] r38071 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Dec 3 06:06:17 UTC 2015
Author: carnil
Date: 2015-12-03 06:06:17 +0000 (Thu, 03 Dec 2015)
New Revision: 38071
Modified:
data/CVE/list
Log:
Update information for CVE-2015-8389/pcre3, add annotation when issue introduced
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-12-03 06:00:16 UTC (rev 38070)
+++ data/CVE/list 2015-12-03 06:06:17 UTC (rev 38071)
@@ -6954,7 +6954,8 @@
[wheezy] - pcre3 <not-affected> (Vulnerable code not present)
[squeeze] - pcre3 <not-affected> (Vulnerable code not present)
NOTE: Fixed in 8.38
- NOTE: http://vcs.pcre.org/pcre?view=revision&revision=1577
+ NOTE: Fixed by: http://vcs.pcre.org/pcre?view=revision&revision=1577
+ NOTE: First bad commit: http://vcs.pcre.org/pcre?view=revision&revision=1440
NOTE: Only after r1577 looks like there is another new issue (stack-buffer-underflow, READ of size 4 when running PoC)
CVE-2015-8388 (PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and ...)
- pcre3 2:8.35-7
More information about the Secure-testing-commits
mailing list