Comment 36 for bug 20215

Message-ID: <email address hidden>
Date: Wed, 24 Aug 2005 14:52:41 +0200
From: Sven Mueller <email address hidden>
To: Stefan Fritsch <email address hidden>, <email address hidden>
Subject: Re: Bug#324531: pcre3: CAN-2005-2491

--------------enig487232E5E8BE0C5EA4533572
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

Stefan Fritsch wrote on 23/08/2005 23:15:
>>Patch extracted from difference between upstream versions 6.0 and
>>6.1, modified to patch version 4.5. Patch is attached.
>
> While the issue corresponding to your patch should be fixed as well,
> this is not the patch for CAN-2005-2491. The securitytracker page
> states that 6.1 and prior versions are vulnerable. One needs to look
> at the differences between 6.1 and 6.2. The relevant changes are a
> bit larger.

You are right. I was confused because the pcre homepage still says 6.1
is the latest version. Working on the real fix now.

cu,
sven

--------------enig487232E5E8BE0C5EA4533572
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (Cygwin)

iD8DBQFDDG2dDcs5RBTUBgsRAi3WAJ0d01OjHl042Uzf3o314bbhscOndgCgq0Yn
DcHJfPZhrJmMCROAU/0hXYo=
=GMZJ
-----END PGP SIGNATURE-----

--------------enig487232E5E8BE0C5EA4533572--