[Secure-testing-commits] r39105 - in data: . CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sat Jan 23 14:48:19 UTC 2016
Author: carnil
Date: 2016-01-23 14:48:19 +0000 (Sat, 23 Jan 2016)
New Revision: 39105
Modified:
data/CVE/list
data/next-point-update.txt
Log:
Merge pcre3 fixes from Jessie 8.3
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-01-23 14:44:57 UTC (rev 39104)
+++ data/CVE/list 2016-01-23 14:48:19 UTC (rev 39105)
@@ -13151,7 +13151,7 @@
NOTE: Only after r1577 looks like there is another new issue (stack-buffer-underflow, READ of size 4 when running PoC)
CVE-2015-8388 (PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and ...)
- pcre3 2:8.35-7
- [jessie] - pcre3 <no-dsa> (Minor issue)
+ [jessie] - pcre3 2:8.35-3.3+deb8u1
[wheezy] - pcre3 <no-dsa> (Minor issue)
[squeeze] - pcre3 <no-dsa> (Minor issue)
NOTE: https://bugs.exim.org/show_bug.cgi?id=1651
@@ -13183,7 +13183,7 @@
NOTE: http://vcs.pcre.org/pcre?view=revision&revision=1559
CVE-2015-8384 (PCRE before 8.38 mishandles the /(?J)(?'d'(?'d'\g{d}))/ pattern and ...)
- pcre3 2:8.35-7.2
- [jessie] - pcre3 <no-dsa> (Minor issue)
+ [jessie] - pcre3 2:8.35-3.3+deb8u1
[wheezy] - pcre3 <not-affected> (Vulnerable code introduced later)
[squeeze] - pcre3 <not-affected> (Vulnerable code introduced later)
NOTE: https://bugs.exim.org/show_bug.cgi?id=1636
@@ -15282,7 +15282,7 @@
CVE-2015-5073 [Heap Overflow Vulnerability in find_fixedlength()]
RESERVED
- pcre3 2:8.35-7 (bug #790000)
- [jessie] - pcre3 <no-dsa> (Minor issue)
+ [jessie] - pcre3 2:8.35-3.3+deb8u1
[wheezy] - pcre3 <no-dsa> (Minor issue)
[squeeze] - pcre3 <no-dsa> (Minor issue)
NOTE: https://bugs.exim.org/show_bug.cgi?id=1651
@@ -20556,7 +20556,7 @@
CVE-2015-3210 [heap buffer overflow in pcre_compile2() / compile_regex()]
RESERVED
- pcre3 2:8.35-7.2 (bug #787433)
- [jessie] - pcre3 <no-dsa> (Minor issue)
+ [jessie] - pcre3 2:8.35-3.3+deb8u1
[wheezy] - pcre3 <not-affected> (Vulnerable code introduced later)
[squeeze] - pcre3 <not-affected> (Vulnerable code introduced later)
NOTE: https://bugs.exim.org/show_bug.cgi?id=1636
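Review bot: the NOTE on the last context line cites bugs.exim.org id=1636, the same upstream bug as the CVE-2015-8384 entry in the @@ -13183 hunk, and both entries carry the same unstable fix 2:8.35-7.2 and the same [wheezy]/[squeeze] <not-affected> state. CVE-2015-5073 and CVE-2015-8388 are paired the same way on id=1651. Consider adding a NOTE to each entry naming its sibling CVE, so that a later status change on one is not missed on the other.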
@@ -23247,7 +23247,7 @@
NOTE: https://jira.mongodb.org/browse/SERVER-17252
NOTE: Since 1:2.0.0-1 mongodb uses the system pcre3
- pcre3 2:8.35-7.2 (low)
- [jessie] - pcre3 <no-dsa> (Minor issue)
+ [jessie] - pcre3 2:8.35-3.3+deb8u1
[wheezy] - pcre3 <no-dsa> (Minor issue)
[squeeze] - pcre3 <no-dsa> (Minor issue)
NOTE: https://bugs.exim.org/show_bug.cgi?id=1503
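Review bot: the CVE id for this entry lies outside the hunk context (the first two lines are NOTEs about mongodb), so the changed [jessie] line cannot be tied to an id from the hunk alone. Going by the ids removed from data/next-point-update.txt in this revision it should be CVE-2015-2327, the only one whose header is not visible in another hunk; worth confirming against the full file before relying on it.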
@@ -23256,7 +23256,7 @@
CVE-2015-2326 [heap buffer overflow in pcre_compile2()]
RESERVED
- pcre3 2:8.35-7.2 (bug #783285)
- [jessie] - pcre3 <no-dsa> (Minor issue)
+ [jessie] - pcre3 2:8.35-3.3+deb8u1
[wheezy] - pcre3 <not-affected> (Vulnerable code introuced while refactoring between 8.33 and 8.36)
[squeeze] - pcre3 <not-affected> (Vulnerable code introuced while refactoring between 8.33 and 8.36)
NOTE: http://bugs.exim.org/show_bug.cgi?id=1592
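Review bot: the [wheezy] and [squeeze] context lines under the changed line read "Vulnerable code introuced while refactoring between 8.33 and 8.36"; "introuced" should be "introduced". The change does not touch those lines, so a follow-up edit is enough. The NOTE in this hunk also links http://bugs.exim.org, where most other pcre3 entries in this patch use https://.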
@@ -23266,6 +23266,7 @@
CVE-2015-2325 [heap buffer overflow in compile_branch()]
RESERVED
- pcre3 2:8.35-7.2 (unimportant; bug #781795)
+ [jessie] - pcre3 2:8.35-3.3+deb8u1
NOTE: http://bugs.exim.org/show_bug.cgi?id=1591
NOTE: Fixed by: http://vcs.pcre.org/pcre?view=revision&revision=1528
NOTE: Reproducer leads to "Failed: internal error: previously-checked referenced subpattern not found at offset 17"
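Review bot: this is the only hunk that adds a [jessie] line instead of replacing a <no-dsa> one (6 lines become 7), and the entry is tagged unimportant on the unstable line with no [wheezy] or [squeeze] lines at all. The neighbouring CVE-2015-2326 entry states <not-affected> for both older releases with a reason; if the same holds here, recording it explicitly would make the entry readable without consulting the sibling.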
Modified: data/next-point-update.txt
===================================================================
--- data/next-point-update.txt 2016-01-23 14:44:57 UTC (rev 39104)
+++ data/next-point-update.txt 2016-01-23 14:48:19 UTC (rev 39105)
@@ -6,20 +6,6 @@
[jessie] - ansible 1.7.2+dfsg-2+deb8u1
CVE-2015-3253
[jessie] - groovy 1.8.6-4+deb8u1
-CVE-2015-5073
- [jessie] - pcre3 2:8.35-3.3+deb8u1
-CVE-2015-8388
- [jessie] - pcre3 2:8.35-3.3+deb8u1
-CVE-2015-3210
- [jessie] - pcre3 2:8.35-3.3+deb8u1
-CVE-2015-8384
- [jessie] - pcre3 2:8.35-3.3+deb8u1
-CVE-2015-2327
- [jessie] - pcre3 2:8.35-3.3+deb8u1
-CVE-2015-2326
- [jessie] - pcre3 2:8.35-3.3+deb8u1
-CVE-2015-2325
- [jessie] - pcre3 2:8.35-3.3+deb8u1
CVE-2015-5741
[jessie] - golang 2:1.3.3-1+deb8u1
CVE-2015-5740
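Review bot: each of the seven entries removed here needs a matching + line in data/CVE/list in the same revision, otherwise the fixed version drops out of the tracker. The counts agree (seven removals, seven added [jessie] lines, all at 2:8.35-3.3+deb8u1), so nothing is lost. The log message "Merge pcre3 fixes from Jessie 8.3" would be easier to search for later if it also named that version.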