Source: pcre3
Version: 2:8.35-7
Severity: important
Tags: security upstream patch
Control: forwarded -1 https://bugs.exim.org/show_bug.cgi?id=1537

Hi,

From https://bugzilla.redhat.com/show_bug.cgi?id=1187225
> It was reported that pcre_exec in PHP pcre extension partially
> initializes a buffer when an invalid regex is processed, which can
> lead to information disclosure.

A CVE was requested here:

http://www.openwall.com/lists/oss-security/2015/08/04/3

Upstream patch for this issue is included in 8.37 AFAIK, and found
here:

http://vcs.pcre.org/pcre/code/trunk/pcre_exec.c?r1=1502&r2=1510

Regards,
Salvatore
