Date: Wed, 2 Dec 2015 18:58:39 +0100 From: Salvatore Bonaccorso <carnil@...ian.org> To: oss-security@...ts.openwall.com Cc: hanno@...eck.de, cve-assign@...re.org Subject: Re: Re: Heap Overflow in PCRE Hi MITRE team, On Wed, Dec 02, 2015 at 12:00:31AM -0500, cve-assign@...re.org wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > > https://blog.fuzzing-project.org/29-Heap-Overflow-in-PCRE.html > > This is CVE-2015-8380. > > The other PCRE issues have the consecutive IDs from CVE-2015-8381 to > CVE-2015-8395 inclusive. See the URLs such as: > > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8381 I have a question about CVE-2015-8384, according to https://bugzilla.redhat.com/show_bug.cgi?id=1287623 the fixing commit in upstream VCS is r1558, but (cf. https://bugzilla.redhat.com/show_bug.cgi?id=1287623#c6) CVE-2015-3210 was assigned for the issue fixed by the same revision r1558. Should any of those two CVE be rejected? Regards, Salvatore
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ