From debbugs-submit-bounces@debbugs.gnu.org Mon Feb 25 21:08:37 2019 Received: (at 27993-done) by debbugs.gnu.org; 26 Feb 2019 02:08:37 +0000 Received: from localhost ([127.0.0.1]:52035 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gySAe-0001KQ-M7 for submit@debbugs.gnu.org; Mon, 25 Feb 2019 21:08:37 -0500 Received: from out2-smtp.messagingengine.com ([66.111.4.26]:50391) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gySAd-0001KE-24 for 27993-done@debbugs.gnu.org; Mon, 25 Feb 2019 21:08:35 -0500 Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id F32992234C; Mon, 25 Feb 2019 21:08:29 -0500 (EST) Received: from mailfrontend2 ([10.202.2.163]) by compute4.internal (MEProxy); Mon, 25 Feb 2019 21:08:29 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name; h=date:from:to:subject:message-id:references:mime-version :content-type:in-reply-to; s=mesmtp; bh=Fa19vQmcW9z+foDbuCKAq70M 4miO/AD4jTsRO3yKuas=; b=lRj6irmpEM2FUBpa3gOneFKkAGIpgHJN/bpXCNKJ judIVsRZ2QaYpSaDVsWImkZH7UB7VpBwwTG3RzCpCkMeRTWl3/1eUGoJjAXOAdio gIgkfunFWVbgY16f8/1ey/cqS6kN8M2Un4DjzKPspcmOFyon6+u4gY45XBrxu1Mc LTs= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=Fa19vQ mcW9z+foDbuCKAq70M4miO/AD4jTsRO3yKuas=; b=rD+J2s4mU08GBzL+fXR5lb +sD+vZWLXcCo5tgVnX8sCiqep9hLyK3fTUxd6p9ht6J9GcnpMBrsB1TOpWrfaXBk jDt6deFmea74WVeDPoBNs5sSCqNmZvMWaSSyi6ZGRS89guhRR/ljVPFlaPGvy16X isA98+q6G+I+sAG30uVzAXOirTbZvh4EmJzPLMMZJRNrbFr2bZz2UJ/0ZteHrMBO wiQjjFyC72yzkY/cOEccU/545KWp8kIC66fP/hAsjtzu3AKMasAl29YiuaOxsxdY AbWYeGrYcwo1gw+H++7Pwl2dta8TrnVU5muEAbsb8tR5/kXE4C8dr142sOhL/sPg == X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedutddrudekgdegfeculddtuddrgedtledrtddtmd cutefuodetggdotefrodftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfhuthen uceurghilhhouhhtmecufedttdenucenucfjughrpeffhffvuffkfhggtggujggfsehgtd erredtredvnecuhfhrohhmpefnvghoucfhrghmuhhlrghrihcuoehlvghosehfrghmuhhl rghrihdrnhgrmhgvqeenucfkphepjeeirdduvdegrddvtddvrddufeejnecurfgrrhgrmh epmhgrihhlfhhrohhmpehlvghosehfrghmuhhlrghrihdrnhgrmhgvnecuvehluhhsthgv rhfuihiivgeptd X-ME-Proxy: Received: from localhost (c-76-124-202-137.hsd1.pa.comcast.net [76.124.202.137]) by mail.messagingengine.com (Postfix) with ESMTPA id 8513110331 for <27993-done@debbugs.gnu.org>; Mon, 25 Feb 2019 21:08:29 -0500 (EST) Date: Mon, 25 Feb 2019 21:08:28 -0500 From: Leo Famulari To: 27993-done@debbugs.gnu.org Subject: Re: Oniguruma (PHP and Ruby) security issues Message-ID: <20190226020828.GA26247@jasmine.lan> References: <20170806202933.GA21954@jasmine.lan> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="GvXjxJ+pjyke8COw" Content-Disposition: inline In-Reply-To: <20170806202933.GA21954@jasmine.lan> User-Agent: Mutt/1.11.3 (2019-02-01) X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 27993-done X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) --GvXjxJ+pjyke8COw Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Sun, Aug 06, 2017 at 04:29:33PM -0400, Leo Famulari wrote: > Recently several serious bugs were fixed in Oniguruma, > CVE-2017-{9224,9225,9226,9227,9228,9229}: [...] > I'm not sure exactly which Oniguruma release fixed the bugs. I'm still not sure, but our PHP package is using the latest Oniguruma, and a lot of time has passed since this bug was opened. Closing... --GvXjxJ+pjyke8COw Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAlx0n5wACgkQJkb6MLrK fwjKFxAAkuMQQl0Bz5ln6DUwBrc4uBVz7jGQ1W4JIWuVmen0h+th1EXzb/6ys88W vVsFkLGGCG7UNS/z9d5WI+NE4WYvRoUjfWrZQQvzUlvWixGyQ2Wqt7Cyw0zhi0Df S/zFxs0d3fRWci5I0ibwDjzt5UQb1D5V3/xJdz4NlS+dAYOzE9pd7Fc5KJiMyb/+ 4xnVdB3F9Hf6lmf6yKvQLJO8FsHUyCSUSGJktNXJnTb8dOWlcv3fTxQYqoDhOwP6 q53+Ro9+R0DShrx5UQ0XbIH/REWH2H1UIwOj6+r0ZmH9/s0CUrMu+I5G4Q10O2zT GZXFu9zVW04QB1Nif4YQVOmRsXc8dsNYnLmP5U2XRy1hJbDNwz/lKSwps3LxVs0c IBemIZpSc7c8jAOkVWmbhmKYeUqRX7V447Ml9CfYvHMZ2ObcBlfIE43RB7EZ5NoE aqHuYWRh5h6RdvlA0zvUvhpwjiLPdOgD4UkBGI8ydNN/sGXwZvYcnkyXBOv02PA6 QFCnILimMXeRF0DJC1xWpHHABXytDj2Vpi24QZlpOaXS5ZGyGEeSsq8nYvGbouqX vITmOeASVCYPYCbruWgajbjYqwEjM72Lxv8GaBXrSRAGDxLS6EWGLnhgg8SwNy+l pIPvJpoKdrf+9CRW3GX95JEIUTmNX2CcTtLU56R/Ch4HKWrLLH0= =NuR+ -----END PGP SIGNATURE----- --GvXjxJ+pjyke8COw--