Re: perl regex vulnerability - debian - pcre only?
> http://security-tracker.debian.net/tracker/CVE-2007-5116
>
> is uninformative, but that is cve id that redhat and others are
> referring to.
I've added some more information, including a link to the upstream patch
(whose essence applies cleanly to the versions in sarge and etch).
As a side effect of the problem described in
<http://lists.debian.org/debian-devel-announce/2007/11/msg00001.html>
building security updates involves even more manual work than usual. I
can't say for sure when we will release the update, I'm afraid, but I
hope it won't take much longer.
Reply to: