pcre2: CVE-2016-3191: workspace overflow for (*ACCEPT) with deeply nested parentheses

Related Vulnerabilities: CVE-2016-3191  

Debian Bug report logs - #815920

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Thu, 25 Feb 2016 18:36:01 UTC

Severity: important

Tags: fixed-upstream, patch, security, upstream

Found in version pcre2/10.20-3

Fixed in version pcre2/10.21-1

Done: Matthew Vernon <matthew@debian.org>

Bug is archived. No further changes may be made.

Forwarded to https://bugs.exim.org/show_bug.cgi?id=1791



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Matthew Vernon <matthew@debian.org>:
Bug#815920; Package src:pcre2. (Thu, 25 Feb 2016 18:36:05 GMT).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Matthew Vernon <matthew@debian.org>. (Thu, 25 Feb 2016 18:36:05 GMT).


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: pcre2: workspace overflow for (*ACCEPT) with deeply nested parentheses
Date: Thu, 25 Feb 2016 19:33:48 +0100
Source: pcre2
Version: 10.20-3
Severity: important
Tags: security upstream patch fixed-upstream
Forwarded: https://bugs.exim.org/show_bug.cgi?id=1791

Hi

See https://bugs.exim.org/show_bug.cgi?id=1791 . Upstream commit is
http://vcs.pcre.org/pcre2?view=revision&revision=489 . No CVE is yet
assigned.

Regards,
Salvatore



Reply sent to Matthew Vernon <matthew@debian.org>:
You have taken responsibility. (Sat, 27 Feb 2016 16:27:13 GMT).


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Sat, 27 Feb 2016 16:27:13 GMT).


Message #10 received at 815920-close@bugs.debian.org:

From: Matthew Vernon <matthew@debian.org>
To: 815920-close@bugs.debian.org
Subject: Bug#815920: fixed in pcre2 10.21-1
Date: Sat, 27 Feb 2016 16:26:13 +0000
Source: pcre2
Source-Version: 10.21-1

We believe that the bug you reported is fixed in the latest version of
pcre2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 815920@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Matthew Vernon <matthew@debian.org> (supplier of updated pcre2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Sat, 27 Feb 2016 15:21:34 +0000
Source: pcre2
Binary: libpcre2-8-0 libpcre2-16-0 libpcre2-32-0 libpcre2-posix0 libpcre2-dev libpcre2-dbg pcre2-utils
Architecture: i386 source
Version: 10.21-1
Distribution: unstable
Urgency: low
Maintainer: Matthew Vernon <matthew@debian.org>
Changed-By: Matthew Vernon <matthew@debian.org>
Closes: 815920
Description: 
 libpcre2-16-0 - New Perl Compatible Regular Expression Library - 16 bit runtime f
 libpcre2-32-0 - New Perl Compatible Regular Expression Library - 32 bit runtime f
 libpcre2-8-0 - New Perl Compatible Regular Expression Library- 8 bit runtime fil
 libpcre2-dbg - New Perl Compatible Regular Expression Library - debug symbols
 libpcre2-dev - New Perl Compatible Regular Expression Library - development file
 libpcre2-posix0 - New Perl Compatible Regular Expression Library - posix-compatible
 pcre2-utils - New Perl Compatible Regular Expression Library - utilities
Changes: 
 pcre2 (10.21-1) unstable; urgency=low
 .
   * New upstream version
   * Upstream patch to fix workspace overflow for (*ACCEPT) with deeply
     nested parentheses (Closes: #815920)




Changed Bug title to 'pcre2: CVE-2016-3191: workspace overflow for (*ACCEPT) with deeply nested parentheses' from 'pcre2: workspace overflow for (*ACCEPT) with deeply nested parentheses' Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 18 Mar 2016 05:51:04 GMT).


Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 15 Apr 2016 07:27:05 GMT).




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 18:14:04 2019; Machine Name: buxtehude
