patch for CVE-2008-2371
Michael Santos
michael.santos@REDACTED
Wed Feb 10 23:34:16 CET 2010

Running the following code will crash the emulator:

    re:compile(<<"(?i)[\xc3\xa9\xc3\xbd]|[\xc3\xa9\xc3\xbdA]">>, [unicode]).

Erlang uses PCRE 7.6. This issue was identified as CVE-2008-2371 and
was fixed in PCRE 7.8.

A patch can be found here:

    git fetch git://github.com/msantos/otp.git pcre-CVE-2008-2371

It is taken directly from:

    http://vcs.pcre.org/viewvc?revision=360&view=revision

Does the Erlang/OTP team have a policy on security advisories, so users
and package maintainers can evaluate their risk?