Hi, Salvatore Bonaccorso <car...@debian.org> (2017-02-18): > Hi Release managers, > > Please unblock package pcre3 > > The uploaded fixes #855405, which maps to the BTS the CVE > CVE-2017-6004 (the severity to grave is disputable, I admit that, but > think would be good to release stretch without that CVE open; it is > "just" that a specially crafted regular expression may cause a denial > of service for an application using pcre3, as it was demostrated in > the upstream bug for php). > > It builds on all release architectures: > > https://buildd.debian.org/status/package.php?p=pcre3 > > The changelog reads as: > > >pcre3 (2:8.39-2.1) unstable; urgency=high > > > > * Non-maintainer upload. > > * CVE-2017-6004: crafted regular expression may cause denial of service > > (Closes: #855405) > > > > -- Salvatore Bonaccorso <car...@debian.org> Fri, 17 Feb 2017 15:56:09 +0100 > > I'm including as requested the debdiff against the version in testing. > > The d-i release manager is X-Debbug-CC'ed since that would need an ack > as well from him, afaict. > > unblock pcre3/2:8.39-2.1
Thanks! No objections from me. KiBi.
signature.asc
Description: Digital signature
