Your message dated Sat, 05 Jul 2008 16:17:03 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#488919: fixed in pcre3 7.4-1+lenny2
has caused the Debian Bug report #488919,
regarding CVE-2008-2371: heap-based buffer overflow in PCRE
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
488919: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=488919
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: pcre3
Version: 7.6-2
Severity: grave
Hi,
there was a new GLib release yesterday that updates it's internal pcre
version to 7.7 because of a fix for CVE-2008-2371:
> * Update to PCRE 7.7
> - fix a heap-based buffer overflow in PCRE (CVE-2008-2371)
Please get pcre3 updated soonish, thanks :)
signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil
--- End Message ---
--- Begin Message ---
Source: pcre3
Source-Version: 7.4-1+lenny2
We believe that the bug you reported is fixed in the latest version of
pcre3, which is due to be installed in the Debian FTP archive:
libpcre3-dbg_7.4-1+lenny2_amd64.deb
to pool/main/p/pcre3/libpcre3-dbg_7.4-1+lenny2_amd64.deb
libpcre3-dev_7.4-1+lenny2_amd64.deb
to pool/main/p/pcre3/libpcre3-dev_7.4-1+lenny2_amd64.deb
libpcre3-udeb_7.4-1+lenny2_amd64.udeb
to pool/main/p/pcre3/libpcre3-udeb_7.4-1+lenny2_amd64.udeb
libpcre3_7.4-1+lenny2_amd64.deb
to pool/main/p/pcre3/libpcre3_7.4-1+lenny2_amd64.deb
libpcrecpp0_7.4-1+lenny2_amd64.deb
to pool/main/p/pcre3/libpcrecpp0_7.4-1+lenny2_amd64.deb
pcre3_7.4-1+lenny2.diff.gz
to pool/main/p/pcre3/pcre3_7.4-1+lenny2.diff.gz
pcre3_7.4-1+lenny2.dsc
to pool/main/p/pcre3/pcre3_7.4-1+lenny2.dsc
pcregrep_7.4-1+lenny2_amd64.deb
to pool/main/p/pcre3/pcregrep_7.4-1+lenny2_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Nico Golde <[EMAIL PROTECTED]> (supplier of updated pcre3 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sat, 05 Jul 2008 12:58:48 +0200
Source: pcre3
Binary: libpcre3 libpcre3-udeb libpcrecpp0 libpcre3-dev libpcre3-dbg pcregrep
Architecture: source amd64
Version: 7.4-1+lenny2
Distribution: testing-security
Urgency: high
Maintainer: Mark Baker <[EMAIL PROTECTED]>
Changed-By: Nico Golde <[EMAIL PROTECTED]>
Description:
libpcre3 - Perl 5 Compatible Regular Expression Library - runtime files
libpcre3-dbg - Perl 5 Compatible Regular Expression Library - debug symbols
libpcre3-dev - Perl 5 Compatible Regular Expression Library - development files
libpcre3-udeb - Perl 5 Compatible Regular Expression Library - runtime files
(ude (udeb)
libpcrecpp0 - Perl 5 Compatible Regular Expression Library - C++ runtime files
pcregrep - grep utility that uses perl 5 compatible regexes.
Closes: 488919
Changes:
pcre3 (7.4-1+lenny2) testing-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* This update addresses the following security issue:
- CVE-2008-2371: heap overflow in the pcre compiler triggered by
patterns which contain options and multiple branches (Closes: #488919).
Checksums-Sha1:
5e07e35a76bfedbc417488218332fa7dd218f0d5 1014 pcre3_7.4-1+lenny2.dsc
c0c94299107443477077669165fc0b6b0a63ed45 24787 pcre3_7.4-1+lenny2.diff.gz
69ffd0072502b49989a9554f1136b493b37c4cb7 208134 libpcre3_7.4-1+lenny2_amd64.deb
b740b43db13177738b838dbcd7b7e6d130076d42 73358
libpcre3-udeb_7.4-1+lenny2_amd64.udeb
cdb0940bc569054c5b98159bee577b7585b1cc41 90446
libpcrecpp0_7.4-1+lenny2_amd64.deb
ec704820d006ca14306ae3ceabb3e51d196545d1 252480
libpcre3-dev_7.4-1+lenny2_amd64.deb
908dec2cb864f328cec82d7462e16bbf9fa6ab5a 280292
libpcre3-dbg_7.4-1+lenny2_amd64.deb
58e38e90f6324472858d5c352e65276ba320ca67 20400 pcregrep_7.4-1+lenny2_amd64.deb
Checksums-Sha256:
7c8d58dcb5c615d33a8c78203479cbf79ae33d868e68745fd2e52c9b916757af 1014
pcre3_7.4-1+lenny2.dsc
8a2da1da4152b82082396ae8a58ec8b134b3f785971244f553d3b653a984b3ab 24787
pcre3_7.4-1+lenny2.diff.gz
4d5b70a7ec78585d685c8f2d5f795c7a9952bd16a26bfed1f13dc0941882f2f5 208134
libpcre3_7.4-1+lenny2_amd64.deb
d890124d6abfd6afac77eb82aaaafbde2447642d71a0883c7fb9440e17273d87 73358
libpcre3-udeb_7.4-1+lenny2_amd64.udeb
f5c2c61a8b78b0738921f8694298310c7b96adcc4d0fdfb941bea2c8bf3c222c 90446
libpcrecpp0_7.4-1+lenny2_amd64.deb
2dc854f2c964320dd0426290bd0f99167b57c04f7c95476cfd56deacffd34896 252480
libpcre3-dev_7.4-1+lenny2_amd64.deb
c56aa0c290256c2ee5a65a052835cddcffaac5c22dfaf8110a451da46ffa025b 280292
libpcre3-dbg_7.4-1+lenny2_amd64.deb
c102d0d9c8e0755832f7a6f3ad8030ac89305d615a702c40f7a8634a80405fd1 20400
pcregrep_7.4-1+lenny2_amd64.deb
Files:
6930af03bb3d8d22691d6bc07380bf22 1014 libs optional pcre3_7.4-1+lenny2.dsc
d5d38a4a522274b64bd45315ce3878a4 24787 libs optional pcre3_7.4-1+lenny2.diff.gz
b4311424fe2dac815b79452218fbca0a 208134 libs important
libpcre3_7.4-1+lenny2_amd64.deb
6990dd5ec89314dc79270a9e5afcf60c 73358 debian-installer important
libpcre3-udeb_7.4-1+lenny2_amd64.udeb
9b1d14d969b664c17cbcc756a75cddd3 90446 libs optional
libpcrecpp0_7.4-1+lenny2_amd64.deb
9bc9f1286c3f8f507c409711407ba596 252480 libdevel optional
libpcre3-dev_7.4-1+lenny2_amd64.deb
34ba96ab310560276b4cab9b4ffe64d1 280292 libdevel optional
libpcre3-dbg_7.4-1+lenny2_amd64.deb
b8a03b70769a3e3763008f590026022d 20400 utils optional
pcregrep_7.4-1+lenny2_amd64.deb
Package-Type: udeb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkhvXVAACgkQHYflSXNkfP+zzACgniuiCbb6mVrERCYia8LoT63I
j8UAoKgdcZ7trsNrgxh8Pf0q0HHXp7Zc
=KQoO
-----END PGP SIGNATURE-----
--- End Message ---
