[pkg-boost-devel] boost stable update for CVE-2008-0172

Nico Golde nion at debian.org
Thu Apr 3 22:39:20 UTC 2008


Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for boost some time ago.

CVE-2008-0172[0]:
| The get_repeat_type function in basic_regex_creator.hpp in the Boost
| regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows
| context-dependent attackers to cause a denial of service (NULL
| dereference and crash) via an invalid regular expression.

CVE-2008-0171[1]:
| regex/v4/perl_matcher_non_recursive.hpp in the Boost regex library
| (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent
| attackers to cause a denial of service (failed assertion and crash)
| via an invalid regular expression.

Unfortunately the vulnerability described above is not important enough
to get it fixed via regular security update in Debian stable. It does
not warrant a DSA.

However it would be nice if this could get fixed via a regular point update[2].
Please contact the release team for this.

This is an automatically generated mail, in case you are already working on an
upgrade this is of course pointless.

For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0172
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0171
[2] http://www.debian.org/doc/developers-reference/ch-pkgs.en.html#s-upload-stable
Kind regards
Nico

-- 
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-boost-devel/attachments/20080404/291f87f5/attachment.pgp 


More information about the pkg-boost-devel mailing list