Summary: | <=dev-libs/libpcre-6.1 - Heap Overflow May Let Users Execute Arbitrary Code
---|---
Product: | Gentoo Security
Component: | Vulnerabilities
Reporter: | Carsten Lohrke (RETIRED) <carlo>
Assignee: | Gentoo Security <security>
Status: | RESOLVED FIXED
Severity: | major
Priority: | High
CC: | eradicator
Version: | unspecified
Hardware: | All
OS: | Linux
Whiteboard: | B1 [glsa] DerCorny
Runtime testing required: | ---

Description
Carsten Lohrke (RETIRED)
2005-08-22 06:51:19 UTC
"Applications that parse untrusted regular expressions may be vulnerable." Not sure that's very common. Should of course be fixed nevertheless.

PCRE 6.3 is available: ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/

Created attachment 66565
Maybe a bit lame, but helps till the real ebuild comes

6.3 is in portage. What's the m68k alias?

stable on ppc64

stable on mips.

Stable on ppc, added vapier for m68k.

Also stable on hppa.

stable on ppc-macos

We came, we tested, we alpha'd. Cheers, Ferdy

Security covered arches stable, ready for GLSA.

GLSA 200508-17
Thanks to everybody involved.

Minor issue: The GLSA says <6.3 is affected, but from the announcement it's <6.2.

I don't think we've ever had a 6.2 in Portage.