[Secure-testing-commits] r38085 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Thu Dec 3 19:13:44 UTC 2015


Author: carnil
Date: 2015-12-03 19:13:44 +0000 (Thu, 03 Dec 2015)
New Revision: 38085

Modified:
   data/CVE/list
Log:
Update CVE-2015-8395/pcre3

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-12-03 19:10:36 UTC (rev 38084)
+++ data/CVE/list	2015-12-03 19:13:44 UTC (rev 38085)
@@ -6928,10 +6928,13 @@
 	TODO: check
 CVE-2015-8395 (PCRE before 8.38 mishandles certain references, which allows remote ...)
 	- pcre3 <unfixed>
+	[jessie] - pcre3 <no-dsa> (Minor issue)
+	[wheezy] - pcre3 <not-affected> (Vulnerable code introduced later)
+	[squeeze] - pcre3 <not-affected> (Vulnerable code introduced later)
 	NOTE: Fixed in 8.38
 	NOTE: http://vcs.pcre.org/pcre?view=revision&revision=1594
 	NOTE: related issue to CVE-2015-8384 and CVE-2015-8392
-	TODO: check
+	NOTE: Same fix as used for CVE-2015-8381
 CVE-2015-8394 (PCRE before 8.38 mishandles the (?(<digits>) and (?(R<digits>) ...)
 	- pcre3 <unfixed>
 	[jessie] - pcre3 <no-dsa> (Minor issue)




More information about the Secure-testing-commits mailing list