[Secure-testing-commits] r50038 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sat Mar 25 08:12:16 UTC 2017
Author: carnil
Date: 2017-03-25 08:12:16 +0000 (Sat, 25 Mar 2017)
New Revision: 50038
Modified:
data/CVE/list
Log:
Expand note for CVE-2017-7244/pcre3
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-03-25 07:57:01 UTC (rev 50037)
+++ data/CVE/list 2017-03-25 08:12:16 UTC (rev 50038)
@@ -82,6 +82,8 @@
[wheezy] - pcre3 <not-affected> (Vulnerable code not present)
NOTE: https://blogs.gentoo.org/ago/2017/03/20/libpcre-invalid-memory-read-in-_pcre32_xclass-pcre_xclass-c/
NOTE: pcre32 support enabled only in pcre3/1:8.35-4
+ NOTE: Bisected and the following change addresses the issue for pcre3:
+ NOTE: http://vcs.pcre.org/pcre?view=revision&revision=1688 (8.41)
CVE-2017-7243 (Eclipse tinydtls 0.8.2 for Eclipse IoT allows remote attackers to cause ...)
NOT-FOR-US: Eclipse tinydtls for Eclipse IoT
CVE-2017-7242 (Multiple Cross-Site Scripting (XSS) were discovered in admin/modules ...)
More information about the Secure-testing-commits
mailing list