** Changed in: erlang (Ubuntu Intrepid)
Status: Fix Released = Fix Committed
** Changed in: erlang (Ubuntu Intrepid)
Status: Fix Committed = Fix Released
--
CVE-2008-2371 (outer level option with alternatives caused crash)
https://bugs.launchpad.net/bugs/535090
You received this
This bug was fixed in the package erlang - 1:13.b.3-dfsg-2ubuntu2
---
erlang (1:13.b.3-dfsg-2ubuntu2) lucid; urgency=low
* CVE-2008-2371: outer level option with alternatives caused crash.
(LP: #535090).
-- Ralf Doering rdoer...@netsys-it.de Thu, 11 Mar 2010 15:20:06 +0100
This bug was fixed in the package erlang - 1:13.b.1-dfsg-2ubuntu1.1
---
erlang (1:13.b.1-dfsg-2ubuntu1.1) karmic-security; urgency=low
* SECURITY UPDATE: denial of service via Heap-based buffer overflow in
pcre_compile.c in the Perl-Compatible Regular Expression (PCRE)
Uploaded karmic to the security queue.
** Changed in: erlang (Ubuntu Karmic)
Status: In Progress = Fix Committed
--
CVE-2008-2371 (outer level option with alternatives caused crash)
https://bugs.launchpad.net/bugs/535090
You received this bug notification because you are a member of
Uploaded lucid. The archive is frozen currently, so this won't show up
until beta-2 is released.
** Changed in: erlang (Ubuntu Lucid)
Status: In Progress = Fix Committed
--
CVE-2008-2371 (outer level option with alternatives caused crash)
https://bugs.launchpad.net/bugs/535090
You
This bug was fixed in the package erlang - 1:12.b.5-dfsg-2ubuntu0.1
---
erlang (1:12.b.5-dfsg-2ubuntu0.1) jaunty-security; urgency=low
* SECURITY UPDATE: denial of service via Heap-based buffer overflow in
pcre_compile.c in the Perl-Compatible Regular Expression (PCRE)
This bug was fixed in the package erlang - 1:12.b.3-dfsg-1ubuntu1.1
---
erlang (1:12.b.3-dfsg-1ubuntu1.1) intrepid-security; urgency=low
* SECURITY UPDATE: denial of service via Heap-based buffer overflow in
pcre_compile.c in the Perl-Compatible Regular Expression (PCRE)
** Also affects: erlang (Ubuntu Intrepid)
Importance: Undecided
Status: New
** Also affects: erlang (Ubuntu Jaunty)
Importance: Undecided
Status: New
** Also affects: erlang (Ubuntu Karmic)
Importance: Undecided
Status: New
** Also affects: erlang (Ubuntu Lucid)
Thanks for the patches Ralf!
Intrepid and Jaunty: ACK
erlang is officially supported in Karmic and Lucid, so a member of the
security team will review the patchsets, perform QA and release a USN
(for karmic).
** Changed in: erlang (Ubuntu Intrepid)
Status: In Progress = Fix Committed
**
Packages for Intrepid and Jaunty have been uploaded to the security
queue.
--
CVE-2008-2371 (outer level option with alternatives caused crash)
https://bugs.launchpad.net/bugs/535090
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.
--
Just to be complete I'll add the debdiffs for Intrepid and Jaunty for
easier review. All debdiffs are built straight from the linked branches.
** Patch added: intrepid-535090-debdiff.patch
http://launchpadlibrarian.net/40964445/intrepid-535090-debdiff.patch
--
CVE-2008-2371 (outer level
** Patch added: jaunty-535090-debdiff.patch
http://launchpadlibrarian.net/40964470/jaunty-535090-debdiff.patch
--
CVE-2008-2371 (outer level option with alternatives caused crash)
https://bugs.launchpad.net/bugs/535090
You received this bug notification because you are a member of Ubuntu
** Branch linked: lp:~rdoering/ubuntu/karmic/erlang/fix-535090
--
CVE-2008-2371 (outer level option with alternatives caused crash)
https://bugs.launchpad.net/bugs/535090
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.
--
ubuntu-bugs
Fixed packages built from the above branches/debdiffs (with modified
version numbers ~ppa1) can be found in my ppa
https://launchpad.net/~rdoering/+archive/fixes. Please test. Lucid
packages are already there, Karmic packages are awaiting their build
right now.
--
CVE-2008-2371 (outer level
Subscribing ubuntu-security-sponsors as per the instructions here:
https://wiki.ubuntu.com/SecurityTeam/SponsorsQueue
--
CVE-2008-2371 (outer level option with alternatives caused crash)
https://bugs.launchpad.net/bugs/535090
You received this bug notification because you are a member of Ubuntu
This is a debdiff of packages build from the linked branch
lp:~rdoering/ubuntu/karmic/erlang/fix-535090 for karmic. Packages can be
build with the patch applied and fix the problem.
** Patch added: karmic-535090-take1.patch
http://launchpadlibrarian.net/40878005/karmic-535090-take1.patch
**
Sorry for not seeing the typos in the karmic changelog before uploading.
Branch and debdiff updated.
** Patch added: karmic-535090-take2.patch
http://launchpadlibrarian.net/40878486/karmic-535090-take2.patch
--
CVE-2008-2371 (outer level option with alternatives caused crash)
** Branch linked: lp:~rdoering/ubuntu/jaunty/erlang/fix-535090
** Branch linked: lp:~rdoering/ubuntu/intrepid/erlang/fix-535090
--
CVE-2008-2371 (outer level option with alternatives caused crash)
https://bugs.launchpad.net/bugs/535090
You received this bug notification because you are a member
I will try to prepare fixed packages for lucid and for SRU in karmic.
--
CVE-2008-2371 (outer level option with alternatives caused crash)
https://bugs.launchpad.net/bugs/535090
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.
--
** Branch linked: lp:~rdoering/ubuntu/lucid/erlang/fix-535090
--
CVE-2008-2371 (outer level option with alternatives caused crash)
https://bugs.launchpad.net/bugs/535090
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.
--
ubuntu-bugs
Here is a debdiff against current lucid sources to fix this. The fix was
cherrypicked from upstream commit
bb6370a20be07e6bd0c9f6e89a3cd9719dccbfd3 and slightly adjusted: the
patch for the testsuite does not apply cleanly on lucid sources. As this
test is not necessary for the fix it's hunk was
** Changed in: erlang (Ubuntu)
Status: New = Confirmed
** Changed in: erlang (Ubuntu)
Importance: Undecided = Low
** Visibility changed to: Public
--
CVE-2008-2371 (outer level option with alternatives caused crash)
https://bugs.launchpad.net/bugs/535090
You received this bug
22 matches
Mail list logo