oss-sec mailing list archives

Re: CVE request: spencer regexp

From: Siddharth Sharma <siddharth () redhat com>
Date: Wed, 11 Mar 2015 08:26:47 -0400 (EDT)

Hi,

Is there a CVE which was assigned to this flaw ?

Regards,
-------------------------------------------
Siddharth Sharma / Red Hat Product Security

----- Original Message -----
From: "Moritz Muehlenhoff" <jmm () debian org>
To: oss-security () lists openwall com
Cc: cve-assign () mitre org
Sent: Monday, February 16, 2015 11:49:15 PM
Subject: [oss-security] CVE request: spencer regexp

Hi,
please assign a CVE ID for this:

http://www.kb.cert.org/vuls/id/695940
https://guidovranken.wordpress.com/2015/02/04/full-disclosure-heap-overflow-in-h-spencers-regex-library-on-32-bit-systems/

This affects multiple source packages including local copies of the
code. However, in many cases the code is only used when building for
Android or Windows.

Current WIP status for source packages in Debian:
https://security-tracker.debian.org/tracker/TEMP-0778389-A8C6F9

Cheers,
        Moritz

Current thread:

CVE request: spencer regexp Moritz Muehlenhoff (Feb 16)
- Re: CVE request: spencer regexp Siddharth Sharma (Mar 11)
- Re: CVE request: spencer regexp cve-assign (Mar 11)
  - Re: Re: CVE request: spencer regexp Siddharth Sharma (Mar 12)
    - Re: Re: CVE request: spencer regexp Siddharth Sharma (Mar 12)
    - Re: Re: CVE request: spencer regexp Alistair Crooks (Mar 12)
- Re: CVE request: spencer regexp cve-assign (Mar 16)