[Secure-testing-commits] r34540 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Wed May 27 11:37:41 UTC 2015
Author: carnil
Date: 2015-05-27 11:37:41 +0000 (Wed, 27 May 2015)
New Revision: 34540
Modified:
data/CVE/list
Log:
Update entry for CVE-2015-2325/pcre3
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-05-27 11:33:28 UTC (rev 34539)
+++ data/CVE/list 2015-05-27 11:37:41 UTC (rev 34540)
@@ -4622,13 +4622,14 @@
NOTE: Issue introduced as a side effect of refactoring happened between 8.33 and 8.36
CVE-2015-2325 [heap buffer overflow in compile_branch()]
RESERVED
- - pcre3 <unfixed> (bug #781795)
- [jessie] - pcre3 <not-affected> (Fixed earlier, reproducer fails)
+ - pcre3 <unfixed> (unimportant; bug #781795)
NOTE: http://bugs.exim.org/show_bug.cgi?id=1591
NOTE: http://vcs.pcre.org/viewvc?revision=1528&view=revision
NOTE: Reproducer leads to "Failed: internal error: previously-checked referenced subpattern not found at offset 17"
NOTE: Upstream claims that it should though be the same bug:
NOTE: http://bugs.exim.org/show_bug.cgi?id=1591#c1
+ NOTE: Comment from upstream: Probably every version since the support for forward referencing
+ NOTE: was introduced is affected.
CVE-2015-2324
RESERVED
CVE-2015-2323
More information about the Secure-testing-commits
mailing list