Your message dated Thu, 18 Jun 2020 19:18:53 +0000
with message-id <[email protected]>
and subject line Bug#963086: fixed in pcre3 2:8.39-13
has caused the Debian Bug report #963086,
regarding pcre3: CVE-2020-14155
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
963086: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=963086
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: pcre3
Version: 2:8.39-12
Severity: important
Tags: security upstream
Forwarded: https://bugs.exim.org/show_bug.cgi?id=2463
Control: found -1 2:8.39-3
Hi,
The following vulnerability was published for pcre3.
CVE-2020-14155[0]:
| libpcre in PCRE before 8.44 allows an integer overflow via a large
| number after a (?C substring.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2020-14155
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14155
[1] https://bugs.exim.org/show_bug.cgi?id=2463
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: pcre3
Source-Version: 2:8.39-13
Done: Matthew Vernon <[email protected]>
We believe that the bug you reported is fixed in the latest version of
pcre3, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Matthew Vernon <[email protected]> (supplier of updated pcre3 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 18 Jun 2020 19:33:56 +0100
Source: pcre3
Binary: libpcre3 libpcre3-udeb libpcrecpp0v5 libpcre3-dev libpcre3-dbg pcregrep
libpcre16-3 libpcre32-3
Architecture: source
Version: 2:8.39-13
Distribution: unstable
Urgency: medium
Maintainer: Matthew Vernon <[email protected]>
Changed-By: Matthew Vernon <[email protected]>
Description:
libpcre16-3 - Old Perl 5 Compatible Regular Expression Library - 16 bit runtime
libpcre3 - Old Perl 5 Compatible Regular Expression Library - runtime files
libpcre3-dbg - Old Perl 5 Compatible Regular Expression Library - debug symbols
libpcre3-dev - Old Perl 5 Compatible Regular Expression Library - development
fi
libpcre3-udeb - Old Perl 5 Compatible Regular Expression Library - runtime
files (udeb)
libpcre32-3 - Old Perl 5 Compatible Regular Expression Library - 32 bit runtime
libpcrecpp0v5 - Old Perl 5 Compatible Regular Expression Library - C++ runtime
fi
pcregrep - grep utility that uses perl 5 compatible regexes.
Closes: 963086
Changes:
pcre3 (2:8.39-13) unstable; urgency=medium
.
* upstream patch fixing CVE-2020-14155 (Closes: #963086)
Checksums-Sha1:
b835bb08c84c65ed70093fee8132a4fd1f421a1f 2226 pcre3_8.39-13.dsc
eb83e4150da20607a79461f7e25e3cef867516f4 27002 pcre3_8.39-13.debian.tar.gz
Checksums-Sha256:
c3a2eb4f02de5b2e00787ed2a35eb82f04ee4b5e99b8ff279bae3c6453aad93b 2226
pcre3_8.39-13.dsc
a2143d7358d69b61955a4f977980050447f8891c0e6737080f2b14b920fbde87 27002
pcre3_8.39-13.debian.tar.gz
Files:
222c40416c84d1980c46c3777395c322 2226 libs optional pcre3_8.39-13.dsc
76c3d489b8ac99153ce141410ce7566c 27002 libs optional
pcre3_8.39-13.debian.tar.gz
-----BEGIN PGP SIGNATURE-----
iQJHBAEBCgAxFiEEuk75yE35bTfYoeLUEvTSHI9qY8gFAl7rt6MTHG1hdHRoZXdA
ZGViaWFuLm9yZwAKCRAS9NIcj2pjyGFTD/9nAH96FPYyd3QolJ6/Dc38MAJXy9Jo
Z5jXBKQLvOIwmGPQPZs0RIXKovISmZTm/fkysVEFKZU3MopROKOkdIKUsoKUdQ2o
Ww2MMXFXfnhHVYvetuab/ykAn/a7aA7DHW8nr7LKi9HOOYhb98DfKBMq47j/+39P
q3hc1PzQdwqfw7zeJ2OYXgotwebUJtoAsPWT7uWwZ9XcRtwS/Ktft+l2wIaNMiQQ
TjGj6eGESkAI2cHIsIIuA/G33Ksc20zsvkG3x1ocz0CEWKPTESe8CIjzRTg96mYF
v+Ck5I6oM4DeZZpI/rtmD2Nw/bJc5OAxvJApOX65FQ0z/OdenW7NR8BdBNiViJPi
UZasmLxiI/Sfsk9FIyyqaDr+1eQEie/TBbBohIqkCqTcHERip1cuk9cAdcrribQb
1jGmkpqZIJCGJaFuvJNgQkIKoNHBl7auyd1wg5+/Yc1FWClnN/TnyNKdsv8mLqIK
3DEF8chphRNmqrstNJxKDi5iX4qvHeB4r5dOUVks4P37zeuHOzgG0D1u0WVfd59d
HyEUK0AR6T1E1qJ0ujAKHDcdGOV6Ak0vO1l+Oau2JETOxRVu5XPeNf1ynGGOA1tj
PkJ00B4498ARsD54V3p4apL7RSxqyaS3ELAI6O4POPoRioEnWS240lN59NyDBH6y
T89bRINUN+x23Q==
=tThd
-----END PGP SIGNATURE-----
--- End Message ---
