Hi,
I've tried to reproduce the PCRE3 issues from CVE-2017-7186.
CVE-2017-7244, CVE-2017-7245 and CVE-2017-7246 are similar fuzzing
attacks so this probably applies to those as well.
Thanks for looking at these. I fixed CVE-2017-7186 with upstream's patch
in sid. It's unfortunate that
On 14/04/15 07:57, Raphael Hertzog wrote:
On Mon, 13 Apr 2015, Ferenc Wagner wrote:
Anyway, I pushed the backported fix to the squeeze branch of
http://anonscm.debian.org/cgit/pkg-shibboleth/shibboleth-sp2.git. You
can find the corresponding source package at http://apt.niif.hu/lts/