[Git][security-tracker-team/security-tracker][master] Mark pcre3 as removed from unstable

Tue Feb 4 05:16:03 GMT 2025


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3a70cc82 by Salvatore Bonaccorso at 2025-02-04T06:15:37+01:00
Mark pcre3 as removed from unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -372089,7 +372089,7 @@ CVE-2020-14095 (In Xiaomi router R3600, ROM version<1.0.20, a connect service su
 CVE-2020-14094 (In Xiaomi router R3600, ROM version<1.0.20, the connection service can ...)
 	NOT-FOR-US: Xiaomi
 CVE-2019-20838 (libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT w ...)
-	- pcre3 <unfixed> (unimportant)
+	- pcre3 <removed> (unimportant)
 	NOTE: Fixed by: https://vcs.pcre.org/pcre?view=revision&revision=1740 (8.43)
 	NOTE: Only an issue when UTF support disabled
 CVE-2018-21246 (Caddy before 0.10.13 mishandles TLS client authentication, as demonstr ...)
@@ -524710,7 +524710,7 @@ CVE-2017-16232 (LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which al
 	NOTE: The related commit is included in 4.0.9. The underlying memory-based DOS
 	NOTE: would still be present.
 CVE-2017-16231 (In PCRE 8.41, after compiling, a pcretest load test PoC produces a cra ...)
-	- pcre3 <unfixed> (unimportant)
+	- pcre3 <removed> (unimportant)
 CVE-2017-16230 (In admin/write-post.php in Typecho through 1.1, one can log in to the  ...)
 	NOT-FOR-US: Typecho
 CVE-2017-16229 (In the Ox gem 2.8.1 for Ruby, the process crashes with a stack-based b ...)
@@ -540087,7 +540087,7 @@ CVE-2017-11166 (The ReadXWDImage function in coders\xwd.c in ImageMagick 7.0.5-6
 CVE-2017-11165 (dataTaker DT80 dEX 1.50.012 allows remote attackers to obtain sensitiv ...)
 	NOT-FOR-US: dataTaker
 CVE-2017-11164 (In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exe ...)
-	- pcre3 <unfixed> (unimportant)
+	- pcre3 <removed> (unimportant)
 	NOTE: http://openwall.com/lists/oss-security/2017/07/11/3
 CVE-2017-11163 (Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Ca ...)
 	- cacti 1.1.12+ds1-1 (bug #868080)
@@ -552611,7 +552611,7 @@ CVE-2017-7248 (A Cross-Site Scripting (XSS) was discovered in Gazelle before 201
 CVE-2017-7247 (Multiple Cross-Site Scripting (XSS) were discovered in Gazelle before  ...)
 	NOT-FOR-US: Gazelle torrent tracker
 CVE-2017-7246 (Stack-based buffer overflow in the pcre32_copy_substring function in p ...)
-	- pcre3 <unfixed> (bug #858679; unimportant)
+	- pcre3 <removed> (bug #858679; unimportant)
 	[jessie] - pcre3 <no-dsa> (Minor issue; 32bit character support not enabled)
 	[wheezy] - pcre3 <not-affected> (Vulnerable code not present)
 	NOTE: https://bugs.exim.org/show_bug.cgi?id=2057
@@ -552619,7 +552619,7 @@ CVE-2017-7246 (Stack-based buffer overflow in the pcre32_copy_substring function
 	NOTE: pcre32 support enabled only in pcre3/1:8.35-4
 	NOTE: Fixed by: http://vcs.pcre.org/pcre?view=revision&revision=1691 (8.41)
 CVE-2017-7245 (Stack-based buffer overflow in the pcre32_copy_substring function in p ...)
-	- pcre3 <unfixed> (bug #858678; unimportant)
+	- pcre3 <removed> (bug #858678; unimportant)
 	[jessie] - pcre3 <no-dsa> (Minor issue; 32bit character support not enabled)
 	[wheezy] - pcre3 <not-affected> (Vulnerable code not present)
 	NOTE: https://bugs.exim.org/show_bug.cgi?id=2055



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3a70cc8266c29cb20111f0230de5b466b81552db

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3a70cc8266c29cb20111f0230de5b466b81552db
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250204/cd1ce01f/attachment.htm>
