[Pkg-erlang-devel] Wheezy update of erlang?

Sergei Golovan sgolovan at nes.ru
Wed Mar 22 11:00:49 UTC 2017


Hi Ola,

On Tue, Mar 21, 2017 at 10:27 PM, Ola Lundqvist <ola at inguza.com> wrote:
> Hi
>
> Great. Let us know when you have a package prepared (pachage and debdiff for
> us to check) so we can coordinate the upload with issuing the DLA.

On the other hand, are you sure that erlang 1:15.b.1-dfsg-4+deb7u1 (which is
in wheezy currently) is actually vulnerable? I've tried to compile the regular
expression which crashes the modern Erlang interpreter (taken from
https://vcs.pcre.org/pcre/code/trunk/testdata/testoutput2?r1=1540&r2=1542&pathrev=1542)
and it works fine:

$ erl
Erlang R15B01 (erts-5.9.1) [source] [64-bit] [smp:8:8]
[async-threads:0] [kernel-poll:false]

Eshell V5.9.1  (abort with ^G)
1> re:compile("(?<=((?2))((?1)))").
{error,{"lookbehind assertion is not fixed length",16}}
2>

 Are there any additional test data to try?

Cheers!
-- 
Sergei Golovan



More information about the Pkg-erlang-devel mailing list