[Secure-testing-commits] r50004 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Fri Mar 24 18:36:52 UTC 2017
Author: carnil
Date: 2017-03-24 18:36:52 +0000 (Fri, 24 Mar 2017)
New Revision: 50004
Modified:
data/CVE/list
Log:
Adjust jessie entries for pcre3
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-03-24 18:34:53 UTC (rev 50003)
+++ data/CVE/list 2017-03-24 18:36:52 UTC (rev 50004)
@@ -16,13 +16,13 @@
NOT-FOR-US: Gazelle torrent tracker
CVE-2017-7246 (Stack-based buffer overflow in the pcre32_copy_substring function in ...)
- pcre3 <unfixed>
- [jessie] - pcre3 <not-affected> (Vulnerable code not present)
+ [jessie] - pcre3 <no-dsa> (Minor issue; 32bit character support not enabled)
[wheezy] - pcre3 <not-affected> (Vulnerable code not present)
NOTE: https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/
NOTE: pcre32 support enabled only in pcre3/1:8.35-4
CVE-2017-7245 (Stack-based buffer overflow in the pcre32_copy_substring function in ...)
- pcre3 <unfixed>
- [jessie] - pcre3 <not-affected> (Vulnerable code not present)
+ [jessie] - pcre3 <no-dsa> (Minor issue; 32bit character support not enabled)
[wheezy] - pcre3 <not-affected> (Vulnerable code not present)
NOTE: https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/
NOTE: pcre32 support enabled only in pcre3/1:8.35-4
More information about the Secure-testing-commits
mailing list