[erlang-questions] Question regarding CVE-2015-3210

Jamie Monserrate jmonserrate@REDACTED
Tue Jun 9 15:00:29 CEST 2015


Hello,

I am using erlang_otp version 17.1.  I had a couple of questions regarding
CVE-2015-3210 <http://www.securitytracker.com/id/1032453> (more info on
implications <https://news.ycombinator.com/item?id=9658953> of the issue
here).

   1. I noticed that erlang uses a patched version of pcre v8.33. Is your
   patched version vulnerable to the exploit described in the CVE?
   2. If so, would you please be able to give me a rough timescale of when
   you'll be patching it/upgrading to a new version of pcre that does not have
   this vulnerability?

Thanks a lot in advance.

Jamie
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20150609/e71e418b/attachment.htm>


More information about the erlang-questions mailing list