Bug 105138

Summary:	dev-lang/wml contains affected libpcre
Product:	Gentoo Security	Reporter:	Thierry Carrez (RETIRED) <koon>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED INVALID
Severity:	major
Priority:	High
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:	B1? [stable] jaervosz
Package list:		Runtime testing required:	---

Description Thierry Carrez (RETIRED) gentoo-dev

2005-09-07 05:06:06 UTC

wml 2.0.9 ships with PCRE 3.9 which might is probably affected by CAN-2005-2491,
see bug #103337 and GLSA 200508-17 for details.

Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2005-09-08 23:42:37 UTC

Vapier/Solar please advise.

Comment 2 SpanKY gentoo-dev

2005-09-09 23:50:59 UTC

ive fixed the autotools to use the system libpcre instead of the local one in
2.0.9-r1

Comment 3 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2005-09-10 01:00:36 UTC

Thx Mike. 
 
Arches please test and mark stable.

Comment 4 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev

2005-09-11 07:23:13 UTC

Stable on ppc.

Comment 5 Jason Wever (RETIRED) gentoo-dev

2005-09-11 21:10:36 UTC

Got SPARC?

Comment 6 Thierry Carrez (RETIRED) gentoo-dev

2005-09-12 04:53:50 UTC

After closer research, WML includes the affected library but this cannot be
exploited to do anything. Closing (x86 should nevertheless mark stable, I guess)