Date: Wed, 2 Dec 2015 18:58:39 +0100
From: Salvatore Bonaccorso <carnil@...ian.org>
To: oss-security@...ts.openwall.com
Cc: hanno@...eck.de, cve-assign@...re.org
Subject: Re: Re: Heap Overflow in PCRE

Hi MITRE team,

On Wed, Dec 02, 2015 at 12:00:31AM -0500, cve-assign@...re.org wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
> 
> > https://blog.fuzzing-project.org/29-Heap-Overflow-in-PCRE.html
> 
> This is CVE-2015-8380.
> 
> The other PCRE issues have the consecutive IDs from CVE-2015-8381 to
> CVE-2015-8395 inclusive. See the URLs such as:
> 
>   https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8381

I have a question about CVE-2015-8384: according to
https://bugzilla.redhat.com/show_bug.cgi?id=1287623 the fixing commit
in upstream VCS is r1558, but (cf.
https://bugzilla.redhat.com/show_bug.cgi?id=1287623#c6) CVE-2015-3210
was assigned for the issue fixed by the same revision r1558.

Should either of those two CVEs be rejected?

Regards,
Salvatore
