Your message dated Thu, 13 Sep 2012 19:18:23 +0000
with message-id <[email protected]>
and subject line Bug#686495: fixed in pcre3 1:8.31-1
has caused the Debian Bug report #686495,
regarding libpcre3: Very large value for re_nsub
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
686495: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686495
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libpcre3
Version: 1:8.30-5
Severity: grave
Tags: patch
Justification: causes non-serious data loss
Dear Maintainer,
when compiling the regular expression
regex_t rx;
regcomp(&rx, "^(\\(\\))? *(.*)$", 0)
I get the large value 140733193388034 for rx.re_nsub. As this value is often
used afterwards in malloc this normally leads to the termination of the
programm (either because of the segfault or due to the assumption of no free
memory), so unsaved data gets lost.
The problem is well known
(http://www.exim.org/lurker/message/20120822.143744.147fd5d2.de.html)
and a patch exists (http://bugs.exim.org/attachment.cgi?id=586). I can
confirm that the patch works.
Please consider applying the patch.
Cheers
Patrick
-- System Information:
Debian Release: wheezy/sid
APT prefers testing
APT policy: (900, 'testing'), (500, 'testing-proposed-updates'), (500,
'stable-updates'), (400, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-3-amd64 (SMP w/6 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages libpcre3 depends on:
ii libc6 2.13-35
ii multiarch-support 2.13-35
libpcre3 recommends no packages.
libpcre3 suggests no packages.
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: pcre3
Source-Version: 1:8.31-1
We believe that the bug you reported is fixed in the latest version of
pcre3, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Mark Baker <[email protected]> (supplier of updated pcre3 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Thu, 13 Sep 2012 19:58:45 +0100
Source: pcre3
Binary: libpcre3 libpcre3-udeb libpcrecpp0 libpcre3-dev libpcre3-dbg pcregrep
Architecture: source i386
Version: 1:8.31-1
Distribution: unstable
Urgency: low
Maintainer: Mark Baker <[email protected]>
Changed-By: Mark Baker <[email protected]>
Description:
libpcre3 - Perl 5 Compatible Regular Expression Library - runtime files
libpcre3-dbg - Perl 5 Compatible Regular Expression Library - debug symbols
libpcre3-dev - Perl 5 Compatible Regular Expression Library - development files
libpcre3-udeb - Perl 5 Compatible Regular Expression Library - runtime files
(ude (udeb)
libpcrecpp0 - Perl 5 Compatible Regular Expression Library - C++ runtime files
pcregrep - grep utility that uses perl 5 compatible regexes.
Closes: 686495
Changes:
pcre3 (1:8.31-1) unstable; urgency=low
.
* New upstream release
* Applied patch from upstream bugzilla #1287 to fix bug where wrong
value is in re_nsub in some cases (Closes: #686495)
Checksums-Sha1:
88cc1513516743ac375be8f6d0ccbb76fb26e3a1 1044 pcre3_8.31-1.dsc
0dbaafba44df557761e8041dfa79140277b9507a 1661535 pcre3_8.31.orig.tar.gz
2f4e6b7f738b7d30e1e9314100259f5ef29be699 15705 pcre3_8.31-1.debian.tar.gz
272ad268931e780e543f931ba0b4d5ab682fbc5d 245572 libpcre3_8.31-1_i386.deb
948df8410802fb55ce5e3b6d3f213376785d184e 93732 libpcre3-udeb_8.31-1_i386.udeb
20966aa964fcf1cb6a4185f2733adcdcd3a58e5e 128516 libpcrecpp0_8.31-1_i386.deb
6d4a35ce7adb4c9e10c7895e53b7f0c093ccb15e 351098 libpcre3-dev_8.31-1_i386.deb
8b56862b4a4f612c2c8bcb8d61cf6f9b6906f056 284950 libpcre3-dbg_8.31-1_i386.deb
ad89b1441cbfb31311a935c2da33b557a217a36e 26078 pcregrep_8.31-1_i386.deb
Checksums-Sha256:
0f20fe7851dfbc41f70aedc8c8847f0077e09844eab3313fb570966e595649ae 1044
pcre3_8.31-1.dsc
4e1f5d462796fdf782650195050953b8503b2a2fc05c31b681c2d5d54d1f659b 1661535
pcre3_8.31.orig.tar.gz
2d8d9afba4b088ac3d25050f7026a8c0a9a7412e28075e0ca8c87d72011b2c28 15705
pcre3_8.31-1.debian.tar.gz
9b9e64c4c4051cbece0849b7f2de352b2bed6342c34eaf20de4dcd5f0137b9dd 245572
libpcre3_8.31-1_i386.deb
12ba770bc6d8e2fed5f7976da7d2816255518f811e462fd86a114634cf4fab5e 93732
libpcre3-udeb_8.31-1_i386.udeb
46393ef102076fe8fefbcabd02daf79dba9f56dafc7557d2ec0d7d5fbe6076d4 128516
libpcrecpp0_8.31-1_i386.deb
087d3cfeea5f9ba7aa90a70fab3387b61ad03aa78e2f25f00cab48e4f95d206f 351098
libpcre3-dev_8.31-1_i386.deb
b6c65a6f0a3774112017711b42032057af9e64d74cf2ac26cd7ed1605b420847 284950
libpcre3-dbg_8.31-1_i386.deb
8231f61266f2f9a378a89f9357eabf0507b1f616dc22fb1d9284bacb70eef32e 26078
pcregrep_8.31-1_i386.deb
Files:
22d9c85f6a6bd0e2def3a575a1b0fd6e 1044 libs optional pcre3_8.31-1.dsc
fab1bb3b91a4c35398263a5c1e0858c1 1661535 libs optional pcre3_8.31.orig.tar.gz
607a0fefdf3e6ce14d15d2e1191c86ff 15705 libs optional pcre3_8.31-1.debian.tar.gz
b83cf7ed7b6b329c90ff2a68436330f2 245572 libs important libpcre3_8.31-1_i386.deb
ab7bfe6b474065e7a6dada839e0e3a80 93732 debian-installer important
libpcre3-udeb_8.31-1_i386.udeb
b916502b852753aac06dd3ec663bf740 128516 libs optional
libpcrecpp0_8.31-1_i386.deb
bbacb08776cd5ec9e5a7d22c2d570022 351098 libdevel optional
libpcre3-dev_8.31-1_i386.deb
2295ac6eaad3024b4a0b37860e866962 284950 debug extra
libpcre3-dbg_8.31-1_i386.deb
63c61cdf632e66dbc7699ffb53bb72b5 26078 utils optional pcregrep_8.31-1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iEYEARECAAYFAlBSLlQACgkQLk+GuosNQvmtZgCff9qS6bgDNn0EVRB60dScJA4X
E3MAnAjiFmVEAUiWk1Rogxse19hDCh4R
=bBep
-----END PGP SIGNATURE-----
--- End Message ---
