Debian bug report:
Reproducer from the Debian bug:
int main(int argc, char **argv)
rc = regcomp(&preg, "()*)|\\1)*", REG_EXTENDED);
assert(rc == 0);
regexec(&preg, "", 2, pmatch, 0);
This was assigned CVE-2015-8985 even though it is debatable whether this is a security bug.
All affected packages are masked. No cleanup (toolchain package).
Security please proceed.
This issue was resolved and addressed in
GLSA 201908-06 at https://security.gentoo.org/glsa/201908-06
by GLSA coordinator Aaron Bauman (b-man).