Bug#778404: Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability
Eugen Dedu
eugen.dedu at univ-fcomte.fr
Mon Feb 16 16:33:42 UTC 2015
On 16/02/15 17:19, Moritz Muehlenhoff wrote:
> severity 778404 minor
> thanks
>
> On Sat, Feb 14, 2015 at 03:39:19PM +0100, Luciano Bello wrote:
>> Package: ptlib
>> Severity: important
>> Tags: security patch
>>
>> The security team received a report from the CERT Coordination Center that the
>> Henry Spencer regular expressions (regex) library contains a heap overflow
>> vulnerability. It looks like this package includes the affected code and that's
>> the reason for this bug report.
>
> The configure script picks the glibc regex code, so this doesn't affect
> the Debian binary packages.
Thank you for the analysis.
> It would still be useful to report this upstream, so that they update
> the local regex code (it could be that the local one is used when
> building with a libc other than glibc)
I will do it, I have commit access.
--
Eugen