[Secure-testing-team] Bug#861873: pcre2: CVE-2017-8786

Salvatore Bonaccorso carnil at debian.org
Fri May 5 09:14:12 UTC 2017


Source: pcre2
Version: 10.22-3
Severity: minor
Tags: security upstream patch
Forwarded: https://bugs.exim.org/show_bug.cgi?id=2079

Hi,

the following vulnerability was published for pcre2.

CVE-2017-8786[0]:
| pcre2test.c in PCRE2 10.23 allows remote attackers to cause a denial of
| service (heap-based buffer overflow) or possibly have unspecified other
| impact via a crafted regular expression.

The issue is only in the pcre2test utility, so IMHO no immediate
update is needed. But if you get an unblock from the release team,
then even better and might already be fixed for stretch.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-8786
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8786
[1] https://bugs.exim.org/show_bug.cgi?id=2079

Regards,
Salvatore


