[Secure-testing-commits] r49992 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Fri Mar 24 11:44:21 UTC 2017


Author: carnil
Date: 2017-03-24 11:44:21 +0000 (Fri, 24 Mar 2017)
New Revision: 49992

Modified:
   data/CVE/list
Log:
Update CVE-2017-724{5,6}/pcre3

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-03-24 11:41:39 UTC (rev 49991)
+++ data/CVE/list	2017-03-24 11:44:21 UTC (rev 49992)
@@ -15,9 +15,11 @@
 CVE-2017-7247 (Multiple Cross-Site Scripting (XSS) were discovered in Gazelle before ...)
 	NOT-FOR-US: Gazelle torrent tracker
 CVE-2017-7246 (Stack-based buffer overflow in the pcre32_copy_substring function in ...)
-	TODO: check
+	- pcre3 <unfixed>
+	NOTE: https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/
 CVE-2017-7245 (Stack-based buffer overflow in the pcre32_copy_substring function in ...)
-	TODO: check
+	- pcre3 <unfixed>
+	NOTE: https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/
 CVE-2017-7244 (The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 ...)
 	TODO: check
 CVE-2017-7243




More information about the Secure-testing-commits mailing list