oss-sec mailing list archives
Re: Re: Heap Overflow in PCRE
From: Salvatore Bonaccorso <carnil () debian org>
Date: Wed, 2 Dec 2015 18:58:39 +0100
Hi MITRE team, On Wed, Dec 02, 2015 at 12:00:31AM -0500, cve-assign () mitre org wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256https://blog.fuzzing-project.org/29-Heap-Overflow-in-PCRE.htmlThis is CVE-2015-8380. The other PCRE issues have the consecutive IDs from CVE-2015-8381 to CVE-2015-8395 inclusive. See the URLs such as: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8381
I have a question about CVE-2015-8384, according to https://bugzilla.redhat.com/show_bug.cgi?id=1287623 the fixing commit in upstream VCS is r1558, but (cf. https://bugzilla.redhat.com/show_bug.cgi?id=1287623#c6) CVE-2015-3210 was assigned for the issue fixed by the same revision r1558. Should any of those two CVE be rejected? Regards, Salvatore
Current thread:
- Re: Heap Overflow in PCRE, (continued)
- Re: Heap Overflow in PCRE Moritz Muehlenhoff (Nov 24)
- Re: Heap Overflow in PCRE Hanno Böck (Nov 24)
- Re: Heap Overflow in PCRE Fabian Keil (Nov 24)
- Re: Heap Overflow in PCRE Hanno Böck (Nov 24)
- Re: Heap Overflow in PCRE Fabian Keil (Nov 25)
- Re: Heap Overflow in PCRE Hanno Böck (Nov 24)
- Re: Heap Overflow in PCRE cve-assign (Nov 28)
- Re: Re: Heap Overflow in PCRE Michal Zalewski (Nov 28)
- Re: Heap Overflow in PCRE cve-assign (Nov 29)
- Re: Re: Heap Overflow in PCRE Tomas Hoger (Nov 30)
- Re: Re: Heap Overflow in PCRE Michal Zalewski (Nov 28)
- Re: Heap Overflow in PCRE cve-assign (Dec 01)
- Re: Re: Heap Overflow in PCRE Salvatore Bonaccorso (Dec 02)
- Re: Heap Overflow in PCRE cve-assign (Dec 02)
- Re: Re: Heap Overflow in PCRE Jakub Wilk (Dec 03)
- Re: Heap Overflow in PCRE Moritz Muehlenhoff (Nov 24)