Launchpad CVE tracker

CVE 2015-2305

Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow.

Related bugs and status

CVE-2015-2305 (Candidate) is related to these bugs:

Bug #1230917: [SRU] php5-fpm logrotate errors after package switched to upstart

Summary				In	Importance	Status
	1230917	[SRU] php5-fpm logrotate errors after package switched to upstart		php5 (Ubuntu)	High	Fix Released
	1230917	[SRU] php5-fpm logrotate errors after package switched to upstart		php5 (Ubuntu Trusty)	High	Fix Released

Bug #1434488: UPDATE REQUEST: php54 5.4.39 is available upstream

Summary				In	Importance	Status
	1434488	UPDATE REQUEST: php54 5.4.39 is available upstream		IUS Community Project	Undecided	Fix Released

Bug #1434490: UPDATE REQUEST: php55u 5.5.23 is available upstream

Summary				In	Importance	Status
	1434490	UPDATE REQUEST: php55u 5.5.23 is available upstream		IUS Community Project	Undecided	Fix Released

Bug #1434531: UPDATE REQUEST: php56u 5.6.7 is available upstream

Summary				In	Importance	Status
	1434531	UPDATE REQUEST: php56u 5.6.7 is available upstream		IUS Community Project	Undecided	Fix Released

Bug #1540491: Please merge clamav 0.99+dfsg-1 (main) from Debian stable

Summary				In	Importance	Status
	1540491	Please merge clamav 0.99+dfsg-1 (main) from Debian stable		clamav (Ubuntu)	Wishlist	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2015-2305

References