From: ludo@gnu.org (Ludovic Courtès)
To: Marius Bakke <mbakke@fastmail.com>
Cc: 26431-done@debbugs.gnu.org
Subject: bug#26431: [PATCH 0/2] Fix CVE-2017-7186 in pcre and pcre2
Date: Mon, 10 Apr 2017 23:57:37 +0200 [thread overview]
Message-ID: <87k26sdiy6.fsf@gnu.org> (raw)
In-Reply-To: <87d1cktcx5.fsf@fastmail.com> (Marius Bakke's message of "Mon, 10 Apr 2017 19:01:10 +0200")
Heya,
Marius Bakke <mbakke@fastmail.com> skribis:
> Ludovic Courtès <ludo@gnu.org> writes:
>
>> Hello,
>>
>> These patches fix <https://nvd.nist.gov/vuln/detail?vulnId=CVE-2017-7186>
>> in pcre and pcre2 using the upstream patches referenced in the CVE database.
>>
>> Ludo'.
>>
>> Ludovic Courtès (2):
>> gnu: pcre2: Patch CVE-2017-7186.
>> gnu: pcre: Patch CVE-2017-7186.
>
> Thank you for these! Please add URLs to the upstream fixes in the patch
> headers:
>
> https://vcs.pcre.org/pcre?view=revision&revision=1688
> https://vcs.pcre.org/pcre2?view=revision&revision=670
Done and pushed, thanks for your quick reply!
FWIW there’s still work to do on pcre:
$ ./pre-inst-env guix lint -c cve pcre pcre2
gnu/packages/pcre.scm:76:2: pcre@8.40: probably vulnerable to CVE-2017-7244, CVE-2017-7245, CVE-2017-7246
Ludo’.
prev parent reply other threads:[~2017-04-10 21:58 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-04-10 13:39 bug#26431: [PATCH 0/2] Fix CVE-2017-7186 in pcre and pcre2 Ludovic Courtès
2017-04-10 13:42 ` bug#26431: [PATCH 1/2] gnu: pcre2: Patch CVE-2017-7186 Ludovic Courtès
2017-04-10 13:43 ` bug#26431: [PATCH 2/2] gnu: pcre: " Ludovic Courtès
2017-04-10 17:01 ` bug#26431: [PATCH 0/2] Fix CVE-2017-7186 in pcre and pcre2 Marius Bakke
2017-04-10 21:57 ` Ludovic Courtès [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87k26sdiy6.fsf@gnu.org \
--to=ludo@gnu.org \
--cc=26431-done@debbugs.gnu.org \
--cc=mbakke@fastmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.