Date: Wed, 12 Apr 2023 12:07:02 +0100 From: Matthew Vernon <matthew@...ian.org> To: oss-security@...ts.openwall.com Subject: Re: CVE-2017-11164 - stack exhaustion in PCRE On 11/04/2023 12:22, Sevan Janiyan wrote: > "PCRE1 has become totally obsolete and is no longer maintained. The > final release was 8.45 (June 2021)" > > So just a heads up if you're still linking against PCRE 8.x but software > in question supports PCRE2, perhaps it's time to switch and default to > PCRE2. I've been trying to push towards getting old-PCRE out of Debian; you can track the outstanding bugs online, and there's similar for Ubuntu. Once the next Debian release "bookworm" is out, I'm hoping to be able to make the outstanding bugs release critical, moving towards not shipping the older pcre (called pcre3 in Debian for Historical Reasons) in the next release... Regards, Matthew [PCRE maintainer for Debian]  https://udd.debian.org/bugs/?release=any&merged=ign&fnewerval=7&flastmodval=7&fusertag=only&fusertagtag=obsolete-pcre3&fusertaguser=matthew-pcredep%40debian.org&allbugs=1&sortby=id&sorto=asc&format=html#results  https://bugs.launchpad.net/ubuntu/+source/pcre3/+bug/1792544
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.