Hi,

On 03/04/15 10:30, Salvatore Bonaccorso wrote:

> the following vulnerability was published for pcre3.
> 
> CVE-2015-2325[0]:
> heap buffer overflow in compile_branch()

Thanks for the bug report.

> I was not able to reproduce the actual overflow with the reproducer,
> but comment #1 [1] in the upstream bug report suggests that the bug is
> present. With the attached (backported) but only lightly tested patch
> the issue running the reproducer goes away.

I've only just taken over maintaining pcre3; my feeling is that at this
point in the release cycle I shouldn't be trying to get a freeze
exception in a widely-depended-upon library for a severity:important bug.

Regards,

Matthew

