[Touch-packages] [Bug 1396768] Re: pcre3 vulnerability CVE-2014, 2015

Thu, 23 Jul 2015 19:11:41 -0700 

@mdeslaur

Nope. but I got an error in current trusty pkg without my patch

you could also check current trusty pkg

###################

Test 2: API, errors, internals, and non-Perl stuff (not UTF-8)
--- ./testdata/testoutput2      2012-06-02 02:53:58.000000000 +0900
+++ testtry     2015-07-24 10:54:21.374674333 +0900
@@ -5794,13 +5794,16 @@
 No match
 
 /a{11111111111111111111}/I
-Failed: number too big in {} quantifier at offset 22
+Capturing subpattern count = 0
+No options
+First char = 'a'
+No need char
 
 /(){64294967295}/I
-Failed: number too big in {} quantifier at offset 14
+Failed: regular expression is too large at offset 15
 
 /(){2,4294967295}/I
-Failed: number too big in {} quantifier at offset 15
+Failed: numbers out of order in {} quantifier at offset 15
 
 "(?i:a)(?i:b)(?i:c)(?i:d)(?i:e)(?i:f)(?i:g)(?i:h)(?i:i)(?i:j)(k)(?i:l)A\1B"I
 Capturing subpattern count = 1

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to pcre3 in Ubuntu.
https://bugs.launchpad.net/bugs/1396768

Title:
  pcre3 vulnerability CVE-2014, 2015

Status in pcre3 package in Ubuntu:
  In Progress
Status in pcre3 source package in Precise:
  New
Status in pcre3 source package in Trusty:
  In Progress
Status in pcre3 source package in Utopic:
  In Progress
Status in pcre3 source package in Vivid:
  In Progress

Bug description:
  SRU Justification

  [Impact]

  CVE-2014-8964
  CVE-2015-2325
  CVE-2015-2326
  CVE-2015-3210
  CVE-2015-5073

  [Test Case]

  [Regression Potential]

  [Other Info]

  CVE-2014-8964

  https://security-tracker.debian.org/tracker/CVE-2014-8964
  https://bugzilla.redhat.com/show_bug.cgi?id=1166147
  http://bugs.exim.org/show_bug.cgi?id=1546

  Requires some heavy backporting to older releases, see:
  https://bugzilla.redhat.com/show_bug.cgi?id=1166147#c2.

  CVE-2015-2325

  https://security-tracker.debian.org/tracker/CVE-2015-2325
  http://bugs.exim.org/show_bug.cgi?id=1591
  http://vcs.pcre.org/pcre?view=revision&revision=1528

  CVE-2015-2326

  https://security-tracker.debian.org/tracker/CVE-2015-2326
  http://bugs.exim.org/show_bug.cgi?id=1592
  http://vcs.pcre.org/pcre?view=revision&revision=1529

  CVE-2015-3210

  https://security-tracker.debian.org/tracker/CVE-2015-3210
  https://bugs.exim.org/show_bug.cgi?id=1636
  http://vcs.pcre.org/pcre?view=revision&revision=1558

  CVE-2015-5073

  https://security-tracker.debian.org/tracker/CVE-2015-5073
  https://bugs.exim.org/show_bug.cgi?id=1651
  http://vcs.pcre.org/pcre?view=revision&revision=1571

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pcre3/+bug/1396768/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to