Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 05 Aug 2014 15:50:32 +1000
From: Murray McAllister <>
Subject: CVE request: issues in ISO C++ 2011 regex library


Maksymilian Arciemowicz reported a number of issues in the ISO C++ 2011 
regex libraries:


For the memory corruption bug (61582), there seems to be more than one 
issue here (at least a heap-based buffer overflow and a stack overflow 
of some sort). Can a single CVE be assigned, or do you need specific 
details for each issue (I don't currently have those)?

With GCC 4.8 in Fedora, the affected program needs to be compiled using 
the "-std=c++11" option.


Murray McAllister / Red Hat Product Security

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.