[Secure-testing-team] Bug#781795: pcre3: CVE-2015-2325: heap buffer overflow in compile_branch()

Salvatore Bonaccorso carnil at debian.org
Fri Apr 3 09:30:18 UTC 2015


Source: pcre3
Version: 1:8.30-5
Severity: important
Tags: security upstream fixed-upstream

Hi,

the following vulnerability was published for pcre3.

CVE-2015-2325[0]:
heap buffer overflow in compile_branch()

I was not able to reproduce the actual overflow with the reproducer,
but comment #1 [1] in the upstream bug report suggests that the bug is
present. With the attached (backported) but only lightly tested patch,
the issue goes away when running the reproducer.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-2325
[1] http://bugs.exim.org/show_bug.cgi?id=1591#c1

Regards,
Salvatore
-------------- next part --------------
A non-text attachment was scrubbed...
Name: CVE-2015-2325.patch
Type: text/x-diff
Size: 6989 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20150403/f2f54a85/attachment.patch>