Bug 617944 (CVE-2017-8399) - <dev-libs/libpcre2-10.30: pcre2_match.c out of bounds write
Summary: <dev-libs/libpcre2-10.30: pcre2_match.c out of bounds write
Status: RESOLVED FIXED
Alias: CVE-2017-8399
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL:
Whiteboard: B2 [glsa+ cve]
Keywords:
Depends on:
Blocks: 614050 CVE-2017-8786
Reported: 2017-05-09 07:48 UTC by GLSAMaker/CVETool Bot
Modified: 2018-03-18 16:02 UTC

See Also:
Package list:
dev-libs/libpcre2-10.30
Runtime testing required: ---
stable-bot: sanity-check+


Description GLSAMaker/CVETool Bot gentoo-dev 2017-05-09 07:48:44 UTC
CVE-2017-8399 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8399):
  PCRE2 before 2017-03-10 has an out-of-bounds write caused by a stack-based
  buffer overflow in pcre2_match.c, related to a "pattern with very many
  captures."
Comment 1 Agostino Sarubbo gentoo-dev 2017-05-18 11:59:33 UTC
This is B2 because of a write issue
Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev 2017-06-04 00:17:23 UTC
Upstream patch: https://vcs.pcre.org/pcre2?view=revision&revision=674
Comment 3 Thomas Deutschmann (RETIRED) gentoo-dev 2017-08-18 16:00:14 UTC
Fix released in dev-libs/libpcre2-10.30.
Comment 4 Thomas Deutschmann (RETIRED) gentoo-dev 2017-08-18 16:54:04 UTC
@ Arches,

please test and mark stable: =dev-libs/libpcre2-10.30
Comment 5 Thomas Deutschmann (RETIRED) gentoo-dev 2017-08-18 19:14:06 UTC
x86 stable
Comment 6 Sergei Trofimovich (RETIRED) gentoo-dev 2017-08-18 20:46:34 UTC
ia64 stable
Comment 7 Markus Meier gentoo-dev 2017-08-25 04:44:42 UTC
arm stable
Comment 8 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2017-08-25 21:33:35 UTC
amd64 stable
Comment 9 Matt Turner gentoo-dev 2017-08-25 22:31:32 UTC
alpha stable
Comment 10 Aaron Bauman (RETIRED) gentoo-dev 2017-09-10 22:11:28 UTC
sparc was dropped to exp.

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b5901d8f716555a1479f12313a2925fcadd177a9
Comment 11 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-09-19 01:20:12 UTC
New GLSA Application filed.

@ppc, please finish stabilization; this stabilization request has been open for a month.

Thank you,

Gentoo Security Padawan
ChrisADR
Comment 12 Sergei Trofimovich (RETIRED) gentoo-dev 2017-09-25 21:43:26 UTC
ppc64 stable
Comment 13 Sergei Trofimovich (RETIRED) gentoo-dev 2017-09-25 21:51:57 UTC
ppc stable
Comment 14 GLSAMaker/CVETool Bot gentoo-dev 2017-10-08 14:43:41 UTC
This issue was resolved and addressed in
 GLSA 201710-09 at https://security.gentoo.org/glsa/201710-09
by GLSA coordinator Aaron Bauman (b-man).
Comment 15 Aaron Bauman (RETIRED) gentoo-dev 2017-10-08 14:44:39 UTC
re-opened for cleanup.
Comment 16 Sergei Trofimovich (RETIRED) gentoo-dev 2017-12-01 23:01:29 UTC
sparc stable (thanks to Rolf Eike Beer)
Comment 17 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2018-03-18 16:02:23 UTC
cleanup done.

Thank you all