[Secure-testing-commits] r50054 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sat Mar 25 19:11:27 UTC 2017
Author: carnil
Date: 2017-03-25 19:11:27 +0000 (Sat, 25 Mar 2017)
New Revision: 50054
Modified:
data/CVE/list
Log:
Add upstream bugs for pcre3 issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-03-25 17:10:37 UTC (rev 50053)
+++ data/CVE/list 2017-03-25 19:11:27 UTC (rev 50054)
@@ -76,18 +76,21 @@
- pcre3 <unfixed> (bug #858679)
[jessie] - pcre3 <no-dsa> (Minor issue; 32bit character support not enabled)
[wheezy] - pcre3 <not-affected> (Vulnerable code not present)
+ NOTE: https://bugs.exim.org/show_bug.cgi?id=2057
NOTE: https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/
NOTE: pcre32 support enabled only in pcre3/1:8.35-4
CVE-2017-7245 (Stack-based buffer overflow in the pcre32_copy_substring function in ...)
- pcre3 <unfixed> (bug #858678)
[jessie] - pcre3 <no-dsa> (Minor issue; 32bit character support not enabled)
[wheezy] - pcre3 <not-affected> (Vulnerable code not present)
+ NOTE: https://bugs.exim.org/show_bug.cgi?id=2055
NOTE: https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/
NOTE: pcre32 support enabled only in pcre3/1:8.35-4
CVE-2017-7244 (The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 ...)
- pcre3 <unfixed> (bug #858683)
[jessie] - pcre3 <no-dsa> (Minor issue; 32bit character support not enabled)
[wheezy] - pcre3 <not-affected> (Vulnerable code not present)
+ NOTE: https://bugs.exim.org/show_bug.cgi?id=2054
NOTE: https://blogs.gentoo.org/ago/2017/03/20/libpcre-invalid-memory-read-in-_pcre32_xclass-pcre_xclass-c/
NOTE: pcre32 support enabled only in pcre3/1:8.35-4
NOTE: Bisected and the following change addresses the issue for pcre3:
More information about the Secure-testing-commits
mailing list