https://bugzilla.redhat.com/show_bug.cgi?id=1312782
Tomas Hoger <thoger(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Priority|medium |unspecified
Status|NEW |CLOSED
Fixed In Version| |pcre 8.39
Resolution|--- |NOTABUG
Summary|pcre: Heap buffer overflow in pcretest causing infinite loop |pcre: Heap buffer overflow in pcretest causing infinite loop (8.39/15)
Whiteboard|impact=moderate,public=20160114,reported=20160114,source=redhat,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cwe=CWE-122,rhel-5/pcre=new,rhel-6/pcre=new,rhel-7/pcre=new,rhel-6/glib2=new,rhel-7/glib2=new,rhel-7/virtuoso-opensource=new,rhscl-2/php54-php=new,rhscl-2/php55-php=new,rhscl-2/rh-php56-php=new,rhscl-2/rh-mariadb100-mariadb=new,rhscl-2/rh-mariadb101-mariadb=new,jbews-1/httpd=new,jbews-2/httpd=new,jbews-3/pcre=new,directory_server_8/pcre=new,fedora-all/pcre=affected,fedora-all/mingw-pcre=affected,fedora-all/glib2=affected,fedora-all/mingw-glib2=affected,epel-7/mingw-pcre=affected,epel-7/mingw-glib2=affected |impact=none,public=20160114,reported=20160114,source=redhat,cwe=CWE-122,rhel-5/pcre=new,rhel-6/pcre=new,rhel-7/pcre=new,rhel-6/glib2=new,rhel-7/glib2=new,rhel-7/virtuoso-opensource=new,rhscl-2/php54-php=new,rhscl-2/php55-php=new,rhscl-2/rh-php56-php=new,rhscl-2/rh-mariadb100-mariadb=new,rhscl-2/rh-mariadb101-mariadb=new,jbews-1/httpd=new,jbews-2/httpd=new,jbews-3/pcre=new,directory_server_8/pcre=new,fedora-all/pcre=affected,fedora-all/mingw-pcre=affected,fedora-all/glib2=affected,fedora-all/mingw-glib2=affected,epel-7/mingw-pcre=affected,epel-7/mingw-glib2=affected
Severity|medium |unspecified
Last Closed| |2016-03-17 10:06:19
--- Comment #9 from Tomas Hoger <thoger(a)redhat.com> ---
This is similar to bug 1285413 comment 7 and not relevant / security for the
same reasons - pcretest is an application used for testing the pcre library.
It offers ways to use the library in ways that are incorrect with respect to
the documented API.
Additionally, as this flaw is in the pcretest application, components that
embed the pcre library while not using pcretest (e.g. glib2 mentioned above)
could not have been affected.
Upstream version 8.13 is the first where the infinite loop is triggered; valgrind
reports a "Conditional jump or move depends on uninitialised value(s)" error in
earlier versions.