[Secure-testing-commits] r50037 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Sat Mar 25 07:57:01 UTC 2017


Author: carnil
Date: 2017-03-25 07:57:01 +0000 (Sat, 25 Mar 2017)
New Revision: 50037

Modified:
   data/CVE/list
Log:
Adjust entry for CVE-2017-7244

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-03-25 07:38:15 UTC (rev 50036)
+++ data/CVE/list	2017-03-25 07:57:01 UTC (rev 50037)
@@ -77,8 +77,8 @@
 	NOTE: https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/
 	NOTE: pcre32 support enabled only in pcre3/1:8.35-4
 CVE-2017-7244 (The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 ...)
-	- pcre3 <unfixed>
-	[jessie] - pcre3 <not-affected> (Vulnerable code not present)
+	- pcre3 <unfixed> (bug #858683)
+	[jessie] - pcre3 <no-dsa> (Minor issue; 32bit character support not enabled)
 	[wheezy] - pcre3 <not-affected> (Vulnerable code not present)
 	NOTE: https://blogs.gentoo.org/ago/2017/03/20/libpcre-invalid-memory-read-in-_pcre32_xclass-pcre_xclass-c/
 	NOTE: pcre32 support enabled only in pcre3/1:8.35-4




More information about the Secure-testing-commits mailing list