Bug#: 209293
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Mart Raudsepp <leio@gentoo.org>
Bug 209293 depends on: 209067 Show dependency tree



Description:   Opened: 2008-02-07 20:50 0000
Per bug 209067 libpcre-7.6 fixes a buffer overflow issue:

1.  A character class containing a very large number of characters with
    codepoints greater than 255 (in UTF-8 mode, of course) caused a buffer
    overflow.

dev-libs/glib includes a copy of libpcre since 2.14.0 that we also use (instead
of the system pcre) for GRegex API due to the copy including patches useful for
GRegex, but not yet in pcre. Therefore glib is affected by this as well, for
glib users that use the GRegex API. The internal copy of pcre has been updated
to 7.6 in glib-2.14.6 and it is also now in the portage tree.

Security team: glib from 2.14.0 through 2.14.5 is vulnerable to this bug, while
2.14.6 is fixed with the update of the copy and earlier (2.12.* and earlier)
did not have GRegex and included pcre.

Arch teams: please stabilize glib-2.14.6 - its only changes compared to
glib-2.14.5 are the updated pcre and a couple translation updates.
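
Added example, not part of the original bug report: a small audit helper that applies the version ranges stated in the description above to installed-package names in the `category/name-version` form used under /var/db/pkg. The function names, result labels and sample list are assumptions made for illustration; versions newer than 2.14.6 are reported as "unstated" because the report does not cover them.

```python
import re

# Ranges exactly as stated in the bug description.
FIRST_AFFECTED = (2, 14, 0)  # first glib shipping the bundled pcre for GRegex
FIRST_FIXED = (2, 14, 6)     # bundled pcre updated to 7.6

# dev-libs/glib-<version>[-rN]; rejects glibc, glibmm, glib-networking, etc.
ATOM_RE = re.compile(r"^dev-libs/glib-(\d[^/]*?)(?:-r\d+)?$")
PLAIN_VERSION_RE = re.compile(r"\d+(?:\.\d+)*")


def classify_glib(atom):
    """Return 'vulnerable', 'fixed', 'no-gregex', 'unstated', or None."""
    m = ATOM_RE.match(atom.strip())
    if m is None:
        return None  # not a dev-libs/glib entry
    ver = m.group(1)
    if not PLAIN_VERSION_RE.fullmatch(ver):
        return "unstated"  # suffixes such as _rc1 are not covered by the report
    parts = tuple(int(p) for p in ver.split("."))
    parts += (0,) * (3 - len(parts))  # pad "2.14" to (2, 14, 0)
    if parts < FIRST_AFFECTED:
        return "no-gregex"   # 2.12.* and earlier: no GRegex, no bundled pcre
    if parts < FIRST_FIXED:
        return "vulnerable"  # 2.14.0 through 2.14.5
    if parts == FIRST_FIXED:
        return "fixed"
    return "unstated"        # newer than anything the report mentions


def audit(atoms):
    """Map each dev-libs/glib entry in `atoms` to its classification."""
    results = {}
    for atom in atoms:
        verdict = classify_glib(atom)
        if verdict is not None:
            results[atom] = verdict
    return results


# Constructed sample input, not taken from any real system.
SAMPLE = [
    "dev-libs/glib-1.2.10-r5", "dev-libs/glib-2.12.13", "dev-libs/glib-2.14.5",
    "dev-libs/glib-2.14.6", "dev-libs/glib-2.15.4", "dev-libs/glibmm-2.14.2",
    "sys-libs/glibc-2.6.1",
]

if __name__ == "__main__":
    for name, verdict in audit(SAMPLE).items():
        print(f"{name}: {verdict}")
```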

------- Comment #1 From Markus Meier 2008-02-07 21:10:55 0000 -------
x86 stable

------- Comment #2 From Brent Baude 2008-02-08 00:04:52 0000 -------
ppc64 stable

------- Comment #3 From Brent Baude 2008-02-08 00:12:24 0000 -------
ppc64 stable

------- Comment #4 From Tobias Scherbaum 2008-02-08 08:31:24 0000 -------
ppc stable

------- Comment #5 From Jeroen Roovers 2008-02-08 14:00:41 0000 -------
Stable for HPPA.

------- Comment #6 From Raúl Porcel 2008-02-08 15:54:08 0000 -------
alpha/ia64/sparc stable

------- Comment #7 From Olivier Crete 2008-02-10 22:12:43 0000 -------
amd64 done

------- Comment #8 From Sune Kloppenborg Jeppesen 2008-02-11 20:28:51 0000 -------
AFAIK impact is still unknown for PCRE.

------- Comment #9 From Peter Volkov 2008-02-23 17:28:41 0000 -------
Fixed in release snapshot.

------- Comment #10 From Robert Buchholz 2008-03-04 14:21:39 0000 -------
glsa together with bug 209067.

------- Comment #11 From Tobias Heinlein 2008-03-19 23:04:37 0000 -------
GLSA 200803-24
