[Secure-testing-team] Bug#827564: pcre3: Stack corruption from crafted pattern
Salvatore Bonaccorso
carnil at debian.org
Fri Jun 17 20:35:33 UTC 2016
Source: pcre3
Version: 2:8.35-3.3
Severity: important
Tags: security patch upstream fixed-upstream
Forwarded: https://bugs.exim.org/show_bug.cgi?id=1780
>From the upstream changelog (no CVE assigned):
> +16. An invalid pattern fragment such as (?(?C)0 was not diagnosing an error
> ("assertion expected") when (?(?C) was not followed by an opening
> parenthesis.
Upstream report: https://bugs.exim.org/show_bug.cgi?id=1780
Upstream fix; http://vcs.pcre.org/pcre?view=revision&revision=1638 (8.39)
Regards,
SAlvatore
More information about the Secure-testing-team
mailing list