tech-pkg archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: vulnerabilities pattern oddity
On Fri, Jul 04, 2008 at 09:45:52PM -0400, Jan Schaumann wrote:
> perl{,-thread}-5.8.[0-4]{,nb*}* local-file-write
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0452
> perl{,-thread}-5.8.[0-4]{,nb*}* local-file-write
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0448
Can this please be rewritten as perl{-thread}>=5.8.0<5.8.5?
> These are the only two lines that have a pattern that includes a "{}
> wildcard with a trailing "*". How is this pattern interpreted? Isn't
> the last "*" superflous, since the "{,nb*}" already expands to "<emtpy
> string>" and "nb*"?
Yes.
> Incidentally, the use of the "*" is somewhat against regex convention --
> here, it doesn't mean "0 or more 'b's", it means "a 'b' followed by
> anything" (ie "nb.*").
It is not a regex -- it is fnmatch style.
Joerg
Home |
Main Index |
Thread Index |
Old Index