bug#26431: [PATCH 0/2] Fix CVE-2017-7186 in pcre and pcre2

guix-patches

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#26431: [PATCH 0/2] Fix CVE-2017-7186 in pcre and pcre2

From:	Ludovic Courtès
Subject:	bug#26431: [PATCH 0/2] Fix CVE-2017-7186 in pcre and pcre2
Date:	Mon, 10 Apr 2017 23:57:37 +0200
User-agent:	Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux)

Heya,

Marius Bakke <address@hidden> skribis:

> Ludovic Courtès <address@hidden> writes:
>
>> Hello,
>>
>> These patches fix <https://nvd.nist.gov/vuln/detail?vulnId=CVE-2017-7186>
>> in pcre and pcre2 using the upstream patches referenced in the CVE database.
>>
>> Ludo'.
>>
>> Ludovic Courtès (2):
>>   gnu: pcre2: Patch CVE-2017-7186.
>>   gnu: pcre: Patch CVE-2017-7186.
>
> Thank you for these! Please add URLs to the upstream fixes in the patch
> headers:
>
> https://vcs.pcre.org/pcre?view=revision&revision=1688
> https://vcs.pcre.org/pcre2?view=revision&revision=670

Done and pushed, thanks for your quick reply!

FWIW there’s still work to do on pcre:

  $ ./pre-inst-env guix lint -c cve pcre pcre2
  gnu/packages/pcre.scm:76:2: address@hidden: probably vulnerable to 
CVE-2017-7244, CVE-2017-7245, CVE-2017-7246

Ludo’.

[Prev in Thread]

Current Thread

[Next in Thread]

bug#26431: [PATCH 0/2] Fix CVE-2017-7186 in pcre and pcre2, Ludovic Courtès, 2017/04/10
- bug#26431: [PATCH 2/2] gnu: pcre: Patch CVE-2017-7186., Ludovic Courtès, 2017/04/10
- bug#26431: [PATCH 1/2] gnu: pcre2: Patch CVE-2017-7186., Ludovic Courtès, 2017/04/10
- bug#26431: [PATCH 0/2] Fix CVE-2017-7186 in pcre and pcre2, Marius Bakke, 2017/04/10
  - bug#26431: [PATCH 0/2] Fix CVE-2017-7186 in pcre and pcre2, Ludovic Courtès <=

Prev by Date: bug#26436: [PATCH] gnu: Move dillo to web-browsers.scm.
Next by Date: bug#26374: [PATCH] gnu: Move dillo to web.scm.
Previous by thread: bug#26431: [PATCH 0/2] Fix CVE-2017-7186 in pcre and pcre2
Next by thread: bug#26434: [PATCH] gnu: Add gpicview.
Index(es):
- Date
- Thread