Per bug 209067 libpcre-7.6 fixes a buffer overflow issue:
1. A character class containing a very large number of characters with
codepoints greater than 255 (in UTF-8 mode, of course) caused a buffer
overflow.
dev-libs/glib includes a copy of libpcre since 2.14.0 that we also use (instead
of the system pcre) for GRegex API due to the copy including patches useful for
GRegex, but not yet in pcre. Therefore glib is affected by this as well, for
glib users that use the GRegex API. The internal copy of pcre has been updated
to 7.6 in glib-2.14.6 and it is also now in the portage tree.
Security team: glib from 2.14.0 through 2.14.5 is vulnerable to this bug, while
2.14.6 is fixed with the update of the copy and earlier (2.12.* and earlier)
did not have GRegex and included pcre.
Arch teams: please stabilize glib-2.14.6 - it's only changes compared to
glib-2.14.5 are the updated pcre and a couple translation updates.
