Per bug 209067 libpcre-7.6 fixes a buffer overflow issue: 1. A character class containing a very large number of characters with codepoints greater than 255 (in UTF-8 mode, of course) caused a buffer overflow. dev-libs/glib includes a copy of libpcre since 2.14.0 that we also use (instead of the system pcre) for GRegex API due to the copy including patches useful for GRegex, but not yet in pcre. Therefore glib is affected by this as well, for glib users that use the GRegex API. The internal copy of pcre has been updated to 7.6 in glib-2.14.6 and it is also now in the portage tree. Security team: glib from 2.14.0 through 2.14.5 is vulnerable to this bug, while 2.14.6 is fixed with the update of the copy and earlier (2.12.* and earlier) did not have GRegex and included pcre. Arch teams: please stabilize glib-2.14.6 - it's only changes compared to glib-2.14.5 are the updated pcre and a couple translation updates.
x86 stable
ppc64 stable
ppc stable
Stable for HPPA.
alpha/ia64/sparc stable
amd64 done
AFAIK impact is still unknown for PCRE.
Fixed in release snapshot.
glsa together with bug 209067.
GLSA 200803-24