Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Fri, 21 Nov 2014 14:40:19 +1100
From: Murray McAllister <mmcallis@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request: heap buffer overflow in PCRE

On 11/21/2014 01:43 AM, Vasyl Kaigorodov wrote:
> Hello,
>
> Heap buffer overflow issue was reported [1] in PCRE when processing a
> specially crafted regular expression.
>
> Upstream patch for this:
> http://www.exim.org/viewvc/pcre2?view=rev&revision=154
> The next upstream release that will contain the above fix is likely to
> be around Feb/Mar next year (2015).
>
> Additional references:
> [1]: http://bugs.exim.org/show_bug.cgi?id=1546
> [2]: https://bugzilla.redhat.com/show_bug.cgi?id=1166147
>
> Can a CVE be assigned to this please?
>
> Thanks.
>

Morning,

If it was not already seen, http://bugs.exim.org/show_bug.cgi?id=1546#c8 
has "If you can, please reference CVE-2014-8964 as a CVE for this 
potential security
vulnerability."

I do not know who assigned it.

Cheers,

--
Murray McAllister / Red Hat Product Security

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.