Bug#778412: Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability
On Sat, Feb 14, 2015 at 03:41:21PM +0100, Luciano Bello wrote:
> Package: nvi
> Severity: important
> Tags: security patch
>
> The security team received a report from the CERT Coordination Center that the
> Henry Spencer regular expressions (regex) library contains a heap overflow
> vulnerability. It looks like this package includes the affected code at that's
> the reason of this bug report.
>
> The patch is available here:
> http://gitweb.dragonflybsd.org/dragonfly.git/blobdiff/4d133046c59a851141519d03553a70e903b3eefc..2841837793bd095a82f477e9c370cfe6cfb3862c:/lib/libc/regex/regcomp.c
Building with "--disable-re" should fix this.
Cheers,
Moritz
Reply to: