Hi Ola,

On Tue, Mar 21, 2017 at 10:27 PM, Ola Lundqvist <o...@inguza.com> wrote:
> Hi
>
> Great. Let us know when you have a package prepared (package and debdiff for
> us to check) so we can coordinate the upload with issuing the DLA.

On the other hand, are you sure that erlang 1:15.b.1-dfsg-4+deb7u1 (which is in wheezy currently) is actually vulnerable? I've tried to compile the regular expression which crashes the modern Erlang interpreter (taken from https://vcs.pcre.org/pcre/code/trunk/testdata/testoutput2?r1=1540&r2=1542&pathrev=1542) and it works fine:

$ erl
Erlang R15B01 (erts-5.9.1) [source] [64-bit] [smp:8:8] [async-threads:0] [kernel-poll:false]

Eshell V5.9.1  (abort with ^G)
1> re:compile("(?<=((?2))((?1)))").
{error,{"lookbehind assertion is not fixed length",16}}
2>

Are there any additional test data to try?

Cheers!
--
Sergei Golovan