[Bug 160454] Re: [pcre3] several security issues in Perl-Compatible Regular Expression library

2007-11-26 Thread Kees Cook
The version 7.4 update has been published now.

** Changed in: pcre3 (Ubuntu Feisty)
   Status: Fix Committed => Fix Released

** Changed in: pcre3 (Ubuntu Gutsy)
   Status: Fix Committed => Fix Released

** Changed in: pcre3 (Ubuntu Edgy)
   Status: Fix Committed => Fix Released

** Changed in: pcre3 (Ubuntu Dapper)
   Status: Fix Committed => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2006-7230

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2006-7227

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2006-7228

-- 
[pcre3] several security issues in Perl-Compatible Regular Expression library
https://bugs.launchpad.net/bugs/160454
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs


[Bug 160454] Re: [pcre3] several security issues in Perl-Compatible Regular Expression library

2007-11-21 Thread Jamie Strandboge
Works ok so far on Dapper with these applications (but it was only lightly 
tested):
  exim4-daemon-light
  nmap
  exim4-daemon-light
  epiphany-extensions



[Bug 160454] Re: [pcre3] several security issues in Perl-Compatible Regular Expression library

2007-11-21 Thread Jamie Strandboge
Here is a list of source packages from main that depend on libpcre3 on Dapper:
analog
apache2
epiphany-extensions
exim4
eximon4
kdeedu (libkdeedu3, kalzium, kstars)
kdebindings (libkjsembed1)
kdelibs
kdenetwork (kopete)
kdewebdev (klinkstatus)
kdeaddons (konq-plugins, noatun-plugins)
ktorrent
nmap
pan
php5
postfix-pcre
quanta
xfce4-verve-plugin
zsh
zsh-beta



[Bug 160454] Re: [pcre3] several security issues in Perl-Compatible Regular Expression library

2007-11-21 Thread Jamie Strandboge
Analysis shows these source packages should not have to be tested on Dapper, as 
they don't actually use pcre:
kdeaddons
kdebindings
kdeedu
kdewebdev
ktorrent

To be doubly sure, I did:
grep -ri pcre <source dir>

kdebindings references pcre in kjsembed files:
qjsembed.nsi(win32)
qjsembed.pro(win32)
kjsembed.pro(unix) says to link against it, but nothing uses it directly

kdewebdev has 'pcre.tag' in
/kdewebdev-3.5.2/quanta/data/dtep/php/pcre.tag but doesn't actually use
it.



[Bug 160454] Re: [pcre3] several security issues in Perl-Compatible Regular Expression library

2007-11-20 Thread Zak B. Elep
Running Kubuntu Gutsy with the following rdepends on libpcre3 installed:

ii  apache2-utils     2.2.4-3build1                       utility programs for webservers
ii  digikam           2:0.9.2-2ubuntu2                    digital photo management application for KDE
ii  kaddressbook      4:3.5.7enterprise20070926-0ubuntu2  KDE NG addressbook application
ii  kaffeine          0.8.5-0ubuntu1                      versatile media player for KDE 3
ii  kchmviewer        3.1.2-0ubuntu1                      CHM viewer for KDE
ii  kdelibs4c2a       4:3.5.8-0ubuntu3.1                  core libraries and binaries for all KDE appl
ii  kdelibs4c2a       4:3.5.8-0ubuntu3.1                  core libraries and binaries for all KDE appl
ii  kmail             4:3.5.7enterprise20070926-0ubuntu2  KDE Email client
ii  kmobiletools      0.4.3.3-0ubuntu1                    KDE application for controlling your mobile
ii  kontact           4:3.5.7enterprise20070926-0ubuntu2  KDE pim application
ii  kopete            4:3.5.8-0ubuntu2                    instant messenger for KDE
ii  kopete-otr        0.6-0ubuntu1                        Off-The-Record encryption for Kopete
ii  ktorrent          2.2.1-0ubuntu3                      BitTorrent client for KDE
ii  nmap              4.20-2                              The Network Mapper
ii  wireshark-common  0.99.6rel-3                         network traffic analyser (common files)

The only couple of things that are somewhat odd since my update to the
proposed pcre3 is that ktorrent would seem to eat a lot more processing
than usual, giving the appearance of a hung app; the same in kopete
(although it happens less, but then again I also use that package less
than the former.)  But then again, they may also be issues unrelated to
this.



[Bug 160454] Re: [pcre3] several security issues in Perl-Compatible Regular Expression library

2007-11-20 Thread Neal McBurnett
Testers can use apt-cache --installed rdepends libpcre3 to check which
installed packages depend on pcre3, so you know a bit about what to
test.  I note over a dozen packages on one of my machines.  There are
183 in all (minus some odd dups?), and some are libraries that are used
by other packages :-)



[Bug 160454] Re: [pcre3] several security issues in Perl-Compatible Regular Expression library

2007-11-14 Thread Tollef Fog Heen
Accepted into gutsy-proposed.


** Changed in: pcre3 (Ubuntu Gutsy)
   Status: In Progress => Fix Committed



[Bug 160454] Re: [pcre3] several security issues in Perl-Compatible Regular Expression library

2007-11-14 Thread Tollef Fog Heen
Accepted into feisty-proposed.

** Changed in: pcre3 (Ubuntu Feisty)
   Status: In Progress => Fix Committed



[Bug 160454] Re: [pcre3] several security issues in Perl-Compatible Regular Expression library

2007-11-14 Thread Kees Cook
7.3 in Hardy is not vulnerable.  Marking Fix Released there.  As for
the other pcre3, I have uploaded 7.4 versions into -proposed for
additional testing.  So far, I have not found any regressions.  I would
like to see the pcre3 updates tested more widely before pushing this
into -security.  Since this is a full-version update, I want to be
cautious.

** Changed in: pcre3 (Ubuntu Hardy)
   Status: Triaged => Fix Released



[Bug 160454] Re: [pcre3] several security issues in Perl-Compatible Regular Expression library

2007-11-14 Thread Tollef Fog Heen
Accepted into edgy-proposed.

** Changed in: pcre3 (Ubuntu Edgy)
   Status: In Progress => Fix Committed



[Bug 160454] Re: [pcre3] several security issues in Perl-Compatible Regular Expression library

2007-11-14 Thread Tollef Fog Heen
Fix accepted into dapper-proposed

** Changed in: pcre3 (Ubuntu Dapper)
   Status: In Progress => Fix Committed



[Bug 160454] Re: [pcre3] several security issues in Perl-Compatible Regular Expression library

2007-11-09 Thread hk47
OT:
Do I need better glasses, or is Remove CVE link a new feature?



[Bug 160454] Re: [pcre3] several security issues in Perl-Compatible Regular Expression library

2007-11-08 Thread Kees Cook
** Changed in: pcre3 (Ubuntu Dapper)
   Importance: Undecided => Medium
   Assignee: (unassigned) => Kees Cook (keescook)
   Status: New => In Progress

** Changed in: pcre3 (Ubuntu Edgy)
   Importance: Undecided => Medium
   Assignee: (unassigned) => Kees Cook (keescook)
   Status: New => In Progress

** Changed in: pcre3 (Ubuntu Feisty)
   Importance: Undecided => Medium
   Assignee: (unassigned) => Kees Cook (keescook)
   Status: New => In Progress

** Changed in: pcre3 (Ubuntu Gutsy)
   Importance: Undecided => Medium
   Assignee: (unassigned) => Kees Cook (keescook)
   Status: New => In Progress



[Bug 160454] Re: [pcre3] several security issues in Perl-Compatible Regular Expression library

2007-11-08 Thread Kees Cook
Thanks for the report!  We're currently testing upgrades to 7.4; updates
should be available shortly.

** Changed in: pcre3 (Ubuntu Hardy)
   Status: New => Triaged



[Bug 160454] Re: [pcre3] several security issues in Perl-Compatible Regular Expression library

2007-11-08 Thread Kees Cook
** CVE removed: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2007-5116



[Bug 160454] Re: [pcre3] several security issues in Perl-Compatible Regular Expression library

2007-11-07 Thread hk47
I'm sorry and guess that this bug shouldn't point to CVE-2007-5116.

See also Bug #160693 .
