[Secure-testing-commits] r36618 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Fri Sep 11 18:17:26 UTC 2015
Author: carnil
Date: 2015-09-11 18:17:26 +0000 (Fri, 11 Sep 2015)
New Revision: 36618
Modified:
data/CVE/list
Log:
Add fixed version for some pcre3 issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-09-11 17:52:32 UTC (rev 36617)
+++ data/CVE/list 2015-09-11 18:17:26 UTC (rev 36618)
@@ -2713,7 +2713,7 @@
CVE-2015-5703
RESERVED
CVE-2015-XXXX [Information disclosure]
- - pcre3 <unfixed> (bug #794589)
+ - pcre3 2:8.35-7.2 (bug #794589)
[jessie] - pcre3 <no-dsa> (Minor issue)
[wheezy] - pcre3 <no-dsa> (Minor issue)
[squeeze] - pcre3 <no-dsa> (Minor issue)
@@ -6792,7 +6792,7 @@
NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=23b133bdc452aa441fcb9b82cbf6dd05cfd342d0 (v4.0-rc1)
NOTE: http://www.openwall.com/lists/oss-security/2015/06/02/6
CVE-2015-XXXX [PCRE Library Stack Overflow Vulnerability]
- - pcre3 <unfixed> (low)
+ - pcre3 2:8.35-7.2 (low)
[jessie] - pcre3 <no-dsa> (Minor issue)
[wheezy] - pcre3 <no-dsa> (Minor issue)
[squeeze] - pcre3 <no-dsa> (Minor issue)
@@ -6800,7 +6800,7 @@
NOTE: Fixed by: http://vcs.pcre.org/pcre?view=revision&revision=1495
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/05/31/5
CVE-2015-XXXX [PCRE Call Stack Overflow Vulnerability]
- - pcre3 <unfixed> (low)
+ - pcre3 2:8.35-7.2 (low)
[jessie] - pcre3 <no-dsa> (Minor issue)
[wheezy] - pcre3 <no-dsa> (Minor issue)
[squeeze] - pcre3 <no-dsa> (Minor issue)
@@ -9571,7 +9571,7 @@
- php5 <not-affected> (Red Hat specific problem in the rpm package)
CVE-2015-3210 [heap buffer overflow in pcre_compile2() / compile_regex()]
RESERVED
- - pcre3 <unfixed> (bug #787433)
+ - pcre3 2:8.35-7.2 (bug #787433)
[jessie] - pcre3 <no-dsa> (Minor issue)
[wheezy] - pcre3 <not-affected> (Vulnerable code introduced later)
[squeeze] - pcre3 <not-affected> (Vulnerable code introduced later)
@@ -12226,7 +12226,7 @@
NOTE: Since 1:2.0.0-1 mongodb uses the system pcre3
CVE-2015-2326 [heap buffer overflow in pcre_compile2()]
RESERVED
- - pcre3 <unfixed> (bug #783285)
+ - pcre3 2:8.35-7.2 (bug #783285)
[jessie] - pcre3 <no-dsa> (Minor issue)
[wheezy] - pcre3 <not-affected> (Vulnerable code introuced while refactoring between 8.33 and 8.36)
[squeeze] - pcre3 <not-affected> (Vulnerable code introuced while refactoring between 8.33 and 8.36)
@@ -12236,7 +12236,7 @@
NOTE: Issue introduced as a side effect of refactoring happened between 8.33 and 8.36
CVE-2015-2325 [heap buffer overflow in compile_branch()]
RESERVED
- - pcre3 <unfixed> (unimportant; bug #781795)
+ - pcre3 2:8.35-7.2 (unimportant; bug #781795)
NOTE: http://bugs.exim.org/show_bug.cgi?id=1591
NOTE: Fixed by: http://vcs.pcre.org/pcre?view=revision&revision=1528
NOTE: Reproducer leads to "Failed: internal error: previously-checked referenced subpattern not found at offset 17"
More information about the Secure-testing-commits
mailing list