Source: pcre2
Version: 10.22-3
Severity: minor
Tags: security upstream patch
Forwarded: https://bugs.exim.org/show_bug.cgi?id=2079

Hi,

the following vulnerability was published for pcre2.

CVE-2017-8786[0]:
| pcre2test.c in PCRE2 10.23 allows remote attackers to cause a denial of
| service (heap-based buffer overflow) or possibly have unspecified other
| impact via a crafted regular expression.

The issue is only in the pcre2test utility, so IMHO no immediate update is needed. But if you get an unblock from the release team, then even better and might already be fixed for stretch.

If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-8786
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8786
[1] https://bugs.exim.org/show_bug.cgi?id=2079

Regards,
Salvatore

