[Secure-testing-commits] r50095 - data/CVE

[Salvatore Bonaccorso]

Author: carnil
Date: 2017-03-27 16:49:59 +0000 (Mon, 27 Mar 2017)
New Revision: 50095

Modified:
   data/CVE/list
Log:
Updates for CVE-2017-724{5,6}/pcre3, #858678, #858679

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-03-27 16:43:14 UTC (rev 50094)
+++ data/CVE/list	2017-03-27 16:49:59 UTC (rev 50095)
@@ -105,19 +105,21 @@
 CVE-2017-7247 (Multiple Cross-Site Scripting (XSS) were discovered in Gazelle before ...)
 	NOT-FOR-US: Gazelle torrent tracker
 CVE-2017-7246 (Stack-based buffer overflow in the pcre32_copy_substring function in ...)
-	- pcre3 <unfixed> (bug #858679)
+	- pcre3 <unfixed> (bug #858679; unimportant)
 	[jessie] - pcre3 <no-dsa> (Minor issue; 32bit character support not enabled)
 	[wheezy] - pcre3 <not-affected> (Vulnerable code not present)
 	NOTE: https://bugs.exim.org/show_bug.cgi?id=2057
 	NOTE: https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/
 	NOTE: pcre32 support enabled only in pcre3/1:8.35-4
+	NOTE: Fixed by: http://vcs.pcre.org/pcre?view=revision&revision=1691 (8.41)
 CVE-2017-7245 (Stack-based buffer overflow in the pcre32_copy_substring function in ...)
-	- pcre3 <unfixed> (bug #858678)
+	- pcre3 <unfixed> (bug #858678; unimportant)
 	[jessie] - pcre3 <no-dsa> (Minor issue; 32bit character support not enabled)
 	[wheezy] - pcre3 <not-affected> (Vulnerable code not present)
 	NOTE: https://bugs.exim.org/show_bug.cgi?id=2055
 	NOTE: https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/
 	NOTE: pcre32 support enabled only in pcre3/1:8.35-4
+	NOTE: Fixed by: http://vcs.pcre.org/pcre?view=revision&revision=1691 (8.41)
 CVE-2017-7244 (The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 ...)
 	- pcre3 2:8.39-3 (bug #858683)
 	[jessie] - pcre3 <no-dsa> (Minor issue; 32bit character support not enabled)