Source: pcre3 Version: 2:8.35-7 Severity: important Tags: security upstream patch Control: forwarded -1 https://bugs.exim.org/show_bug.cgi?id=1537
Hi, >From https://bugzilla.redhat.com/show_bug.cgi?id=1187225 > It was reported that pcre_exec in PHP pcre extension partially > initialize a buffer when an invalid regex is processed, which can > information disclosure. A CVE was requested here: http://www.openwall.com/lists/oss-security/2015/08/04/3 Upstream patch for this issue is included in 8.37 AFAIK, and found here: http://vcs.pcre.org/pcre/code/trunk/pcre_exec.c?r1=1502&r2=1510 Regards, Salvatore -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
