Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#42860 - [pcre] Heap overflow in <= 8.36
Attached to Project:
Arch Linux
Opened by Remi Gacogne (rgacogne) - Thursday, 20 November 2014, 15:51 GMT
Last edited by Sébastien Luttringer (seblu) - Friday, 21 November 2014, 22:58 GMT
Opened by Remi Gacogne (rgacogne) - Thursday, 20 November 2014, 15:51 GMT
Last edited by Sébastien Luttringer (seblu) - Friday, 21 November 2014, 22:58 GMT
|
DetailsA heap overflow has been found [1] in PCRE <= 8.36. There is no release planned before several months [2], so I think we may want to backport the patch [3] from upstream.
There has been no CVE assigned yet, I will update this when one have been. [1] http://bugs.exim.org/show_bug.cgi?id=1546 [2] http://bugs.exim.org/show_bug.cgi?id=1546#c7 [3] http://vcs.pcre.org/viewvc/code/trunk/pcre_exec.c?r1=1510&r2=1513 |
This task depends upon
Closed by Sébastien Luttringer (seblu)
Friday, 21 November 2014, 22:58 GMT
Reason for closing: Fixed
Additional comments about closing: pcre-8.36-2
Friday, 21 November 2014, 22:58 GMT
Reason for closing: Fixed
Additional comments about closing: pcre-8.36-2