Stefan Fritsch wrote on 23/08/2005 23:15:
Patch extracted from difference between upstream versions 6.0 and
6.1, modified to patch version 4.5. Patch is attached.
While the issue corresponding to your patch should be fixed as well,
this is not the patch for CAN-2005-2491. The securitytracker
Hi!
Since I have to fix apache2 2.0.50 for Ubuntu, which still has an
embedded pcre 3.x, I also took a look at the woody version. I took a
look at the code and played with the test suite, and it seems to me
that the capture part works ok; just the integer underflow must be
fixed:
--- pcre.c
+++
Stefan Fritsch wrote on 23/08/2005 23:15:
Patch extracted from difference between upstream versions 6.0 and
6.1, modified to patch version 4.5. Patch is attached.
While the issue corresponding to your patch should be fixed as well,
this is not the patch for CAN-2005-2491. The securitytracker
Martin Pitt wrote:
Hi!
Since I have to fix apache2 2.0.50 for Ubuntu, which still has an
embedded pcre 3.x, I also took a look at the woody version. I took a
look at the code and played with the test suite, and it seems to me
that the capture part works ok; just the integer underflow must
* Sven Mueller:
+/* Read the minimum value and do a paranoid check: a negative value indicates
+an integer overflow. */
+
while ((digitab[*p] ctype_digit) != 0) min = min * 10 + *p++ - '0';
+if (min 0 || min 65535)
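Review bot: the range check on min sits after the while loop, so it only runs once every digit has been accumulated, and by then min = min * 10 + *p++ - '0' may already have overflowed. The added comment relies on an overflow showing up as a negative value, which the C language does not guarantee for a signed integer. Bound the value inside the loop instead, rejecting the quantifier as soon as min would exceed 65535, so the arithmetic never leaves the valid range.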
This doesn't work. Signed integer overflow is undefined. Future GCC
Joey Hess wrote on 23/08/2005 01:43:
Adrian Bunk wrote:
It should be checked which of the versions in unstable/testing,
stable and oldstable might be affected by CAN-2005-2491
(PCRE Heap Overflow May Let Users Execute Arbitrary Code).
Which is unfortunately still marked as reserved in the
Hi,
Patch extracted from difference between upstream versions 6.0 and
6.1, modified to patch version 4.5. Patch is attached.
While the issue corresponding to your patch should be fixed as well,
this is not the patch for CAN-2005-2491. The securitytracker page
states that 6.1 and prior
Package: pcre3
Severity: critical
Tags: security, woody, sarge, etch, sid
It should be checked which of the versions in unstable/testing,
stable and oldstable might be affected by CAN-2005-2491
(PCRE Heap Overflow May Let Users Execute Arbitrary Code).
On Mon, Aug 22, 2005 at 06:15:53PM +0200, Adrian Bunk wrote:
It should be checked which of the versions in unstable/testing,
stable and oldstable might be affected by CAN-2005-2491
(PCRE Heap Overflow May Let Users Execute Arbitrary Code).
I'm away on business until Wednesday night; if