[Pkg-clamav-devel] Bug#778406: Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability
Sebastian Andrzej Siewior
sebastian at breakpoint.cc
Mon Feb 16 12:30:36 UTC 2015
forwarded 778406 https://bugzilla.clamav.net/show_bug.cgi?id=11264
thanks
On Sun, Feb 15, 2015 at 11:43:46PM +0100, Andreas Cadhalpun wrote:
> Hi Sebastian,
Hi Andreas,
> I think a fix for wheezy can wait for the next upstream release.
Good. I will wait what upstream says. Maybe they drop usage of the library
since they check for PCRE since two releases or so.
> >[0] https://anonscm.debian.org/cgit/pkg-clamav/clamav.git/commit/?id=a2344cea2a22089ff0bac16c16e060ebb06425b0
>
> This patch misses the declaration of the maxlen variable.
Thanks. I also provided the wrong one upstrea… Fixed now.
> Best regards,
> Andreas
Sebastian
More information about the Pkg-clamav-devel
mailing list