Tavis Ormandy of the Google Security Team reported multiple pcre regular
expressions flaws. Here are the details pasted from Tavis' mail:
CVE-2007-1659:
unmatched \Q\E sequences with orphan \E codes can cause the compiled
regex to become desynchronized, resulting in corrupt bytecode that may
result in multiple exploitable conditions. This was inadvertently
fixed by the pcre maintainer in version 7.0, however another case of a
lone \E inside a character class remained, this has been fixed in 7.3
Acknowledgements:
Red Hat would like to thank Tavis Ormandy and Will Drewry for properly disclosing these issues.