Package: php5 Severity: important Tags: security The security team received a report from the CERT Coordination Center that the Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability. It looks like this package includes the affected code at that's the reason of this bug report.
Please, can you confirm if the binary packages are affected? Are stable and testing affected? More information, here: http://www.kb.cert.org/vuls/id/695940 https://guidovranken.wordpress.com/2015/02/04/full-disclosure-heap-overflow-in-h-spencers-regex-library-on-32-bit-systems/ A CVE id has been requested already and the report will be updated with it eventually. Cheers, luciano -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org