Source: pcre3
Source-Version: 2:8.39-3

Hi Matthew,

On Sat, Mar 25, 2017 at 08:45:16AM +0100, Salvatore Bonaccorso wrote:
> Source: pcre3
> Version: 2:8.39-2.1
> Severity: important
> Tags: upstream security
>
> Hi,
>
> the following vulnerability was published for pcre3.
>
> CVE-2017-7244[0]:
> | The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40
> | allows remote attackers to cause a denial of service (invalid memory
> | read) via a crafted file.

I confirm: this one is fixed by
http://vcs.pcre.org/pcre?view=revision&revision=1688 upstream (so with
the same commit as CVE-2017-7186), at least when I tried to bisect as
well the upstream VCS, I reached this commit to address the issue from
https://blogs.gentoo.org/ago/2017/03/20/libpcre-invalid-memory-read-in-_pcre32_xclass-pcre_xclass-c/

Regards,
Salvatore