[erlang-questions] Question regarding CVE-2015-3210
Jamie Monserrate
jmonserrate@REDACTED
Tue Jun 9 15:00:29 CEST 2015
Hello,
I am using erlang_otp version 17.1. I had a couple of questions regarding
CVE-2015-3210 <http://www.securitytracker.com/id/1032453> (more info on
implications <https://news.ycombinator.com/item?id=9658953> of the issue
here).
1. I noticed that erlang uses a patched version of pcre v8.33. Is your
patched version vulnerable to the exploit described in the CVE?
2. If so, would you please be able to give me a rough timescale of when
you'll be patching it/upgrading to a new version of pcre that does not have
this vulnerability?
Thanks a lot in advance.
Jamie
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20150609/e71e418b/attachment.htm>
More information about the erlang-questions
mailing list