Source: erlang
Version: 1:19.2.1+dfsg-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/erlang/otp/pull/1108

Hi,

the following vulnerability was published for erlang.

CVE-2016-10253[0]:
| An issue was discovered in Erlang/OTP 18.x. Erlang's generation of
| compiled regular expressions is vulnerable to a heap overflow. Regular
| expressions using a malformed extpattern can indirectly specify an
| offset that is used as an array index. This ordinal permits arbitrary
| regions within the erts_alloc arena to be both read and written to.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-10253
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10253

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore