Hi, I intent to NMU pcre3 to fix this bug. debdiff attached and archived on: http://people.debian.org/~nion/nmu-diff/pcre3-7.6-2_7.6-2.1.patch
Cheers Nico -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
diff -u pcre3-7.6/debian/changelog pcre3-7.6/debian/changelog
--- pcre3-7.6/debian/changelog
+++ pcre3-7.6/debian/changelog
@@ -1,3 +1,12 @@
+pcre3 (7.6-2.1) unstable; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * Fix heap overflow in the pcre compiler triggered by
+ patterns which contain options and multiple branches
+ (CVE-2008-2371; Closes: #488919).
+
+ -- Nico Golde <[EMAIL PROTECTED]> Mon, 14 Jul 2008 19:13:11 +0200
+
pcre3 (7.6-2) unstable; urgency=low
* pcrecpp.cc: Applied patch from PCRE bugzilla (bug 664) to fix ABI
only in patch2:
unchanged:
--- pcre3-7.6.orig/pcre_compile.c
+++ pcre3-7.6/pcre_compile.c
@@ -4831,7 +4831,7 @@
(lengthptr == NULL || *lengthptr == 2 + 2*LINK_SIZE))
{
cd->external_options = newoptions;
- options = newoptions;
+ options = *optionsptr = newoptions;
}
else
{
pgpNGH7Iuj7Lr.pgp
Description: PGP signature
