oss-sec mailing list archives
Re: two vulns in uClibc-0.9.33.2
From: Simon McVittie <smcv () debian org>
Date: Sat, 17 Jun 2017 13:27:16 +0100
On Fri, 16 Jun 2017 at 20:54:14 -0700, Michal Zalewski wrote:
Uclibc is a C library like GNU libc. Why would a JS engine not use it?Because they usually use stuff like pcre or irregexp.
Not all regular expressions are equal.
JavaScript regular expressions use the regex dialect originating in
Perl, which is also used in Python and libpcre (and, via libpcre,
in PHP). The two standardized POSIX dialects implemented by Unix C
libraries (basic regexes as used in grep and sed, and extended regexes
as used in grep -E and sed -E) aren't fully compatible with the Perl
syntax: for example \s matches the letter s in BREs or EREs, but
matches any whitespace character in the Perl-derived dialects. This makes
the POSIX regex functions not particularly useful for implementors of
a JavaScript runtime.
S
Current thread:
- two vulns in uClibc-0.9.33.2 fefe (Jun 15)
- Re: two vulns in uClibc-0.9.33.2 Andrej Nemec (Jun 15)
- Re: two vulns in uClibc-0.9.33.2 Zach W (Jun 16)
- Re: two vulns in uClibc-0.9.33.2 Peter Korsgaard (Jun 16)
- Re: two vulns in uClibc-0.9.33.2 Seth Arnold (Jun 16)
- Re: two vulns in uClibc-0.9.33.2 Kurt Seifried (Jun 16)
- Re: two vulns in uClibc-0.9.33.2 Michal Zalewski (Jun 16)
- Re: two vulns in uClibc-0.9.33.2 Bob Friesenhahn (Jun 16)
- Re: two vulns in uClibc-0.9.33.2 Florian Weimer (Jun 17)
- Re: two vulns in uClibc-0.9.33.2 Michal Zalewski (Jun 17)
- Re: two vulns in uClibc-0.9.33.2 Simon McVittie (Jun 17)
- Re: two vulns in uClibc-0.9.33.2 Jakub Wilk (Jun 17)
- <Possible follow-ups>
- Re: two vulns in uClibc-0.9.33.2 fefe (Jun 20)
- Re: two vulns in uClibc-0.9.33.2 Waldemar Brodkorb (Jun 23)
- re: two vulns in uClibc-0.9.33.2 fefe (Jun 26)
- Re: two vulns in uClibc-0.9.33.2 Waldemar Brodkorb (Jun 23)