[Secure-testing-commits] r38491 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Wed Dec 23 05:40:02 UTC 2015


Author: carnil
Date: 2015-12-23 05:40:02 +0000 (Wed, 23 Dec 2015)
New Revision: 38491

Modified:
   data/CVE/list
Log:
pcre3 issues fixed in unstable with the 8.38 upload

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-12-23 05:31:33 UTC (rev 38490)
+++ data/CVE/list	2015-12-23 05:40:02 UTC (rev 38491)
@@ -2768,7 +2768,7 @@
 	NOTE: https://github.com/mtrmac/IPTables-Parse/commit/b400b976d81140f6971132e94eb7657b5b0a2b87
 	NOTE: http://www.openwall.com/lists/oss-security/2015/11/24/6
 CVE-2015-8381 (The compile_regex function in pcre_compile.c in PCRE before 8.38 and ...)
-	- pcre3 <unfixed> (bug #796762; bug #795539)
+	- pcre3 2:8.38-1 (bug #796762; bug #795539)
 	[jessie] - pcre3 <no-dsa> (Minor issue)
 	[wheezy] - pcre3 <not-affected> (Vulnerable code introduced later)
 	[squeeze] - pcre3 <not-affected> (Vulnerable code introduced later)
@@ -2780,7 +2780,7 @@
 	NOTE: http://vcs.pcre.org/pcre?view=revision&revision=1585
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1250943
 CVE-2015-8380 (The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a ...)
-	- pcre3 <unfixed> (bug #806467)
+	- pcre3 2:8.38-1 (bug #806467)
 	[jessie] - pcre3 <no-dsa> (Minor issue)
 	[wheezy] - pcre3 <not-affected> (Vulnerable code not present)
 	NOTE: For wheezy: same code looks present around patched lines, though the
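Review bot: in the CVE-2015-8380 entry the trailing context contradicts itself: the wheezy line says <not-affected> (Vulnerable code not present), while the NOTE directly under it says the same code looks present around the patched lines. Now that unstable is recorded as fixed in 2:8.38-1, wheezy is the open question in this entry. The NOTE is cut off in the visible context, so its reasoning should either fully justify <not-affected>, or the status should stay at <no-dsa> until that is confirmed.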
@@ -9635,7 +9635,7 @@
 CVE-2015-5703 (SQL injection vulnerability in the public key discovery API call in ...)
 	TODO: check
 CVE-2015-8395 (PCRE before 8.38 mishandles certain references, which allows remote ...)
-	- pcre3 <unfixed>
+	- pcre3 2:8.38-1
 	[jessie] - pcre3 <no-dsa> (Minor issue)
 	[wheezy] - pcre3 <not-affected> (Vulnerable code introduced later)
 	[squeeze] - pcre3 <not-affected> (Vulnerable code introduced later)
@@ -9644,21 +9644,21 @@
 	NOTE: related issue to CVE-2015-8384 and CVE-2015-8392
 	NOTE: Same fix as used for CVE-2015-8381
 CVE-2015-8394 (PCRE before 8.38 mishandles the (?(<digits>) and (?(R<digits>) ...)
-	- pcre3 <unfixed>
+	- pcre3 2:8.38-1
 	[jessie] - pcre3 <no-dsa> (Minor issue)
 	[wheezy] - pcre3 <no-dsa> (Minor issue)
 	[squeeze] - pcre3 <no-dsa> (Minor issue)
 	NOTE: Fixed in 8.38
 	NOTE: http://vcs.pcre.org/pcre?view=revision&revision=1589
 CVE-2015-8393 (pcregrep in PCRE before 8.38 mishandles the -q option for binary ...)
-	- pcre3 <unfixed>
+	- pcre3 2:8.38-1
 	[jessie] - pcre3 <no-dsa> (Minor issue)
 	[wheezy] - pcre3 <no-dsa> (Minor issue)
 	[squeeze] - pcre3 <no-dsa> (Minor issue)
 	NOTE: Fixed in 8.38
 	NOTE: http://vcs.pcre.org/pcre?view=revision&revision=1586
 CVE-2015-8392 (PCRE before 8.38 mishandles certain instances of the (?| substring, ...)
-	- pcre3 <unfixed>
+	- pcre3 2:8.38-1
 	[jessie] - pcre3 <no-dsa> (Minor issue)
 	[wheezy] - pcre3 <not-affected> (Vulnerable code introduced later)
 	[squeeze] - pcre3 <not-affected> (Vulnerable code introduced later)
@@ -9666,7 +9666,7 @@
 	NOTE: http://vcs.pcre.org/pcre?view=revision&revision=1585
 	NOTE: related issue to CVE-2015-8384 and CVE-2015-8395
 CVE-2015-8391 (The pcre_compile function in pcre_compile.c in PCRE before 8.38 ...)
-	- pcre3 <unfixed>
+	- pcre3 2:8.38-1
 	[jessie] - pcre3 <no-dsa> (Minor issue)
 	[wheezy] - pcre3 <no-dsa> (Minor issue)
 	[squeeze] - pcre3 <not-affected> (Vulnerable code introduced later)
@@ -9674,14 +9674,14 @@
 	NOTE: Fixed by: http://vcs.pcre.org/pcre?view=revision&revision=1579
 	NOTE: First bad commit: http://vcs.pcre.org/pcre?view=revision&revision=640
 CVE-2015-8390 (PCRE before 8.38 mishandles the [: and \\ substrings in character ...)
-	- pcre3 <unfixed>
+	- pcre3 2:8.38-1
 	[jessie] - pcre3 <no-dsa> (Minor issue)
 	[wheezy] - pcre3 <no-dsa> (Minor issue)
 	[squeeze] - pcre3 <no-dsa> (Minor issue)
 	NOTE: Fixed in 8.38
 	NOTE: http://vcs.pcre.org/pcre?view=revision&revision=1578
 CVE-2015-8389 (PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related ...)
-	- pcre3 <unfixed>
+	- pcre3 2:8.38-1
 	[jessie] - pcre3 <no-dsa> (Minor issue, --enable-jit not set during build anyway)
 	[wheezy] - pcre3 <not-affected> (Vulnerable code not present)
 	[squeeze] - pcre3 <not-affected> (Vulnerable code not present)
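Review bot: for CVE-2015-8389 the jessie line just below the change says --enable-jit is not set during the build, but the new unstable line gives no hint whether the same holds for 2:8.38-1. If the unstable build also leaves JIT off, the binaries never exposed this code path and the version only records the source-level fix. A one-line NOTE stating the build configuration would make that explicit for anyone reading the entry later.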
@@ -9699,14 +9699,14 @@
 	NOTE: Fixed in 8.38
 	NOTE: Different issue than CVE-2015-5073 but same fixing commit
 CVE-2015-8387 (PCRE before 8.38 mishandles (?123) subroutine calls and related ...)
-	- pcre3 <unfixed>
+	- pcre3 2:8.38-1
 	[jessie] - pcre3 <no-dsa> (Minor issue)
 	[wheezy] - pcre3 <no-dsa> (Minor issue)
 	[squeeze] - pcre3 <no-dsa> (Minor issue)
 	NOTE: Fixed in 8.38
 	NOTE: http://vcs.pcre.org/pcre?view=revision&revision=1563
 CVE-2015-8386 (PCRE before 8.38 mishandles the interaction of lookbehind assertions ...)
-	- pcre3 <unfixed>
+	- pcre3 2:8.38-1
 	[jessie] - pcre3 <no-dsa> (Minor issue)
 	[wheezy] - pcre3 <not-affected> (Vulnerable code introduced later)
 	[squeeze] - pcre3 <not-affected> (Vulnerable code introduced later)
@@ -9715,7 +9715,7 @@
 	NOTE: Reproducer fails starting from at least http://vcs.pcre.org/pcre?view=revision&revision=1379
 	NOTE: but the patched code is as well already present in wheezy at least.
 CVE-2015-8385 (PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and ...)
-	- pcre3 <unfixed>
+	- pcre3 2:8.38-1
 	[jessie] - pcre3 <no-dsa> (Minor issue)
 	[wheezy] - pcre3 <no-dsa> (Minor issue)
 	[squeeze] - pcre3 <no-dsa> (Minor issue)
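Review bot: the two NOTE lines in the leading context say the reproducer fails from at least revision 1379 but that the patched code is already present in wheezy. If they belong to the preceding CVE-2015-8386 entry, that does not sit well with its wheezy status of <not-affected> (Vulnerable code introduced later). This commit does not touch those lines, but since it closes the unstable side of the neighbouring entries it is a good moment to re-check that triage and record which revision introduced the vulnerable code.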
@@ -9732,7 +9732,7 @@
 	NOTE: Fixed by http://vcs.pcre.org/pcre?view=revision&revision=1558
 	NOTE: Same fixing commit ad CVE-2015-3210 but different issues
 CVE-2015-8383 (PCRE before 8.38 mishandles certain repeated conditional groups, which ...)
-	- pcre3 <unfixed>
+	- pcre3 2:8.38-1
 	[jessie] - pcre3 <no-dsa> (Minor issue)
 	[wheezy] - pcre3 <not-affected> (vulnerable coded introduce in 8.34)
 	[squeeze] - pcre3 <not-affected> (vulnerable code introduced in 8.34)
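Review bot: the context lines around the CVE-2015-8383 change carry typos that are worth fixing while this entry is being touched: "Same fixing commit ad CVE-2015-3210" should read "as", and the wheezy reason "vulnerable coded introduce in 8.34" should match the squeeze line, "vulnerable code introduced in 8.34". The capitalisation also differs from the "Vulnerable code introduced later" wording used in the other entries, which makes grepping the list for a given reason less reliable.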
@@ -17053,7 +17053,7 @@
 	NOTE: Introduced by: http://cgit.freedesktop.org/polkit/commit/?id=6eeb077bc90c9c7783360a526b2f04645b1b0848
 CVE-2015-3217 [PCRE Library Call Stack Overflow Vulnerability in match()]
 	RESERVED
-	- pcre3 <unfixed> (bug #787641)
+	- pcre3 2:8.38-1 (bug #787641)
 	[jessie] - pcre3 <no-dsa> (Minor issue)
 	[wheezy] - pcre3 <no-dsa> (Minor issue)
 	[squeeze] - pcre3 <no-dsa> (Minor issue)
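Review bot: CVE-2015-3217 is still marked RESERVED with only a bracketed description, and the visible part of the entry gives no upstream fixing revision, unlike the CVE-2015-83xx entries above, which cite vcs.pcre.org revisions. Marking it fixed in 2:8.38-1 (bug #787641) would be easier to verify with a NOTE pointing at the upstream commit that addresses the match() stack overflow, if the entry does not already have one further down.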



