[Secure-testing-commits] r49992 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Fri Mar 24 11:44:21 UTC 2017
Author: carnil
Date: 2017-03-24 11:44:21 +0000 (Fri, 24 Mar 2017)
New Revision: 49992
Modified:
data/CVE/list
Log:
Update CVE-2017-724{5,6}/pcre3
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-03-24 11:41:39 UTC (rev 49991)
+++ data/CVE/list 2017-03-24 11:44:21 UTC (rev 49992)
@@ -15,9 +15,11 @@
CVE-2017-7247 (Multiple Cross-Site Scripting (XSS) were discovered in Gazelle before ...)
NOT-FOR-US: Gazelle torrent tracker
CVE-2017-7246 (Stack-based buffer overflow in the pcre32_copy_substring function in ...)
- TODO: check
+ - pcre3 <unfixed>
+ NOTE: https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/
CVE-2017-7245 (Stack-based buffer overflow in the pcre32_copy_substring function in ...)
- TODO: check
+ - pcre3 <unfixed>
+ NOTE: https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/
CVE-2017-7244 (The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 ...)
TODO: check
CVE-2017-7243
More information about the Secure-testing-commits
mailing list