[php-maint] Bug#778389: Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability
Luciano Bello
luciano at debian.org
Sat Feb 14 14:15:46 UTC 2015
Package: php5
Severity: important
Tags: security
The security team received a report from the CERT Coordination Center that the
Henry Spencer regular expressions (regex) library contains a heap overflow
vulnerability. It looks like this package includes the affected code at that's
the reason of this bug report.
Please, can you confirm if the binary packages are affected? Are stable and
testing affected?
More information, here:
http://www.kb.cert.org/vuls/id/695940
https://guidovranken.wordpress.com/2015/02/04/full-disclosure-heap-overflow-in-h-spencers-regex-library-on-32-bit-systems/
A CVE id has been requested already and the report will be updated with it
eventually.
Cheers, luciano
More information about the pkg-php-maint
mailing list