Bug#778404: Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability
Moritz Muehlenhoff
jmm at inutil.org
Mon Feb 16 16:19:03 UTC 2015
severity 778404 minor
thanks
On Sat, Feb 14, 2015 at 03:39:19PM +0100, Luciano Bello wrote:
> Package: ptlib
> Severity: important
> Tags: security patch
>
> The security team received a report from the CERT Coordination Center that the
> Henry Spencer regular expressions (regex) library contains a heap overflow
> vulnerability. It looks like this package includes the affected code and that's
> the reason for this bug report.
The configure script picks the glibc regex code, so this doesn't affect
the Debian binary packages.

It would still be useful to report this upstream, so that they update
the local regex code (it could be that the local one is used when
building with a libc other than glibc).
Cheers,
Moritz