pcre3 vulnerability CVE-2014, 2015
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
pcre3 (Ubuntu) |
Fix Released
|
Undecided
|
Seyeong Kim | ||
Precise |
Fix Released
|
Undecided
|
Marc Deslauriers | ||
Trusty |
Fix Released
|
Undecided
|
Seyeong Kim | ||
Utopic |
Fix Released
|
Undecided
|
Seyeong Kim | ||
Vivid |
Fix Released
|
Undecided
|
Seyeong Kim |
Bug Description
SRU Justification
[Impact]
CVE-2014-8964
CVE-2015-2325
CVE-2015-2326
CVE-2015-3210
CVE-2015-5073
[Test Case]
[Regression Potential]
[Other Info]
CVE-2014-8964
https:/
https:/
http://
Requires some heavy backporting to older releases, see: https:/
CVE-2015-2325
https:/
http://
http://
CVE-2015-2326
https:/
http://
http://
CVE-2015-3210
https:/
https:/
http://
CVE-2015-5073
https:/
https:/
http://
CVE References
information type: | Private Security → Public Security |
Changed in pcre3 (Ubuntu): | |
status: | New → Confirmed |
description: | updated |
Changed in pcre3 (Ubuntu Trusty): | |
status: | New → In Progress |
assignee: | nobody → Seyeong Kim (xtrusia) |
Changed in pcre3 (Ubuntu Utopic): | |
status: | New → In Progress |
assignee: | nobody → Seyeong Kim (xtrusia) |
Changed in pcre3 (Ubuntu): | |
assignee: | nobody → Seyeong Kim (xtrusia) |
assignee: | Seyeong Kim (xtrusia) → nobody |
description: | updated |
summary: |
- pcre3 vulnerability CVE-2014-8964 + pcre3 vulnerability CVE-2014, 2015 |
Changed in pcre3 (Ubuntu): | |
assignee: | nobody → Seyeong Kim (xtrusia) |
status: | Confirmed → In Progress |
Changed in pcre3 (Ubuntu Vivid): | |
status: | New → In Progress |
assignee: | nobody → Seyeong Kim (xtrusia) |
Changed in pcre3 (Ubuntu Precise): | |
status: | In Progress → Fix Released |
Changed in pcre3 (Ubuntu Trusty): | |
status: | In Progress → Fix Released |
Changed in pcre3 (Ubuntu Utopic): | |
status: | In Progress → Fix Released |
Changed in pcre3 (Ubuntu Vivid): | |
status: | In Progress → Fix Released |
ACK on the wily and vivid debdiffs. I've slightly adjusted the vivid versioning and have removed the extra lines in the changelog.
Wily is uploaded to the archive, and vivid is uploaded here, awaiting the other releases:
https:/ /launchpad. net/~ubuntu- security- proposed/ +archive/ ubuntu/ ppa/+packages
For trusty, CVE-2014-8964 is missing. Red Hat has a backport available here: /bugzilla. redhat. com/show_ bug.cgi? id=1166147# c8
https:/
Are you planning on working on precise also?