[Secure-testing-commits] r50000 - data/CVE

Antoine Beaupré anarcat at moszumanska.debian.org
Fri Mar 24 17:43:01 UTC 2017 

Author: anarcat
Date: 2017-03-24 17:43:01 +0000 (Fri, 24 Mar 2017)
New Revision: 50000

Modified:
   data/CVE/list
Log:
add comments to the right CVE

the PCRE32-specific issues are CVE-2017-7244, CVE-2017-7245 and
CVE-2017-7246, not CVE-2017-7186.


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-03-24 17:30:40 UTC (rev 49999)
+++ data/CVE/list	2017-03-24 17:43:01 UTC (rev 50000)
@@ -16,13 +16,22 @@
 	NOT-FOR-US: Gazelle torrent tracker
 CVE-2017-7246 (Stack-based buffer overflow in the pcre32_copy_substring function in ...)
 	- pcre3 <unfixed>
+	[jessie] - pcre3 <not-affected> (Vulnerable code not present)
+	[wheezy] - pcre3 <not-affected> (Vulnerable code not present)
 	NOTE: https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/
+	NOTE: pcre32 support enabled only in pcre3/1:8.35-4
 CVE-2017-7245 (Stack-based buffer overflow in the pcre32_copy_substring function in ...)
 	- pcre3 <unfixed>
+	[jessie] - pcre3 <not-affected> (Vulnerable code not present)
+	[wheezy] - pcre3 <not-affected> (Vulnerable code not present)
 	NOTE: https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/
+	NOTE: pcre32 support enabled only in pcre3/1:8.35-4
 CVE-2017-7244 (The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 ...)
 	- pcre3 <unfixed>
+	[jessie] - pcre3 <not-affected> (Vulnerable code not present)
+	[wheezy] - pcre3 <not-affected> (Vulnerable code not present)
 	NOTE: https://blogs.gentoo.org/ago/2017/03/20/libpcre-invalid-memory-read-in-_pcre32_xclass-pcre_xclass-c/
+	NOTE: pcre32 support enabled only in pcre3/1:8.35-4
 CVE-2017-7243
 	RESERVED
 CVE-2017-7242 (Multiple Cross-Site Scripting (XSS) were discovered in admin/modules ...)
@@ -226,8 +235,6 @@
 CVE-2017-7186 (libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote ...)
 	- pcre3 2:8.39-3 (bug #858230)
 	- pcre2 10.22-3 (bug #858233)
-	[jessie] - pcre3 <not-affected> (Vulnerable code not present)
-	[wheezy] - pcre3 <not-affected> (Vulnerable code not present)
 	NOTE: https://bugs.exim.org/show_bug.cgi?id=2052
 	NOTE: https://vcs.pcre.org/pcre/code/trunk/pcre_internal.h?r1=1649&r2=1688&sortby=date (for pcre3)
 	NOTE: https://vcs.pcre.org/pcre/code/trunk/pcre_ucd.c?r1=1490&r2=1688&sortby=date (for pcre3)

More information about the Secure-testing-commits mailing list