699052 – <dev-libs/libpcre2-10.33-r1: multiple vulnerabilities

Bug 699052 - <dev-libs/libpcre2-10.33-r1: multiple vulnerabilities

Summary: <dev-libs/libpcre2-10.33-r1: multiple vulnerabilities

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor (vote)
Deadline:	2019-11-06
Assignee:	Gentoo Security

URL:
Whiteboard:	B3 [noglsa]
Keywords:

Depends on:
Blocks:	676294
	Show dependency tree

Reported:	2019-10-31 20:10 UTC by Thomas Deutschmann (RETIRED)
Modified:	2020-03-28 22:41 UTC (History)
CC List:	1 user (show)

See Also:
Package list:	=dev-libs/libpcre2-10.33-r1
Runtime testing required:	---

Flags:	stable-bot: sanity-check+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Thomas Deutschmann (RETIRED) gentoo-dev

2019-10-31 20:10:45 UTC

=dev-libs/libpcre2-10.33-r1 contains various fixes for several known issues which could cause crashes (DoS), including fix from https://bugs.php.net/78272.

Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev

2019-11-01 20:08:28 UTC

@ arches,

please test and mark stable: =dev-libs/libpcre2-10.33-r1

Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev

2019-11-01 21:04:18 UTC

x86 stable

Comment 3 Rolf Eike Beer archtester

2019-11-02 23:27:52 UTC

hppa and sparc stable

Comment 4 Piotr Karbowski (RETIRED) gentoo-dev

2019-11-03 11:56:52 UTC

amd64 stable

Comment 5 Mikle Kolyada (RETIRED) archtester

2019-11-03 14:03:08 UTC

arm stable

Comment 6 Aaron Bauman (RETIRED) gentoo-dev

2019-11-05 01:17:01 UTC

arm64 stable

Comment 7 Mikle Kolyada (RETIRED) archtester

2019-11-08 08:32:52 UTC

s390 stable

Comment 8 Matt Turner gentoo-dev

2019-11-09 22:59:01 UTC

alpha stable

Comment 9 Agostino Sarubbo gentoo-dev

2019-11-12 13:36:55 UTC

ppc64 stable

Comment 10 Agostino Sarubbo gentoo-dev

2019-11-13 07:42:38 UTC

ppc stable

Comment 11 Agostino Sarubbo gentoo-dev

2019-11-14 11:56:53 UTC

ia64 stable.

Maintainer(s), please cleanup.
Security, please vote.

Comment 12 Sam James archtester

2020-03-19 01:49:35 UTC

@maintainer(s), ok to cleanup?

Comment 13 Larry the Git Cow gentoo-dev

2020-03-25 18:37:30 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=feab25e6aada941f8c074dbb1b997a0b54dedafc

commit feab25e6aada941f8c074dbb1b997a0b54dedafc
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-03-25 18:37:08 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-03-25 18:37:23 +0000

    dev-libs/libpcre2: security cleanup (bug #699052)
    
    Bug: https://bugs.gentoo.org/699052
    Package-Manager: Portage-2.3.94, Repoman-2.3.21
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 dev-libs/libpcre2/Manifest              |  1 -
 dev-libs/libpcre2/libpcre2-10.32.ebuild | 78 ---------------------------------
 2 files changed, 79 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9bfbd3affa55d79f54cdd1903d9c0a9441f10728

commit 9bfbd3affa55d79f54cdd1903d9c0a9441f10728
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-03-25 18:36:18 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-03-25 18:37:22 +0000

    dev-libs/libpcre2: mark stable on m68k & sh (bug #699052)
    
    Bug: https://bugs.gentoo.org/699052
    Package-Manager: Portage-2.3.94, Repoman-2.3.21
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 dev-libs/libpcre2/libpcre2-10.33-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comment 14 Thomas Deutschmann (RETIRED) gentoo-dev

2020-03-25 18:38:14 UTC

GLSA Vote: No

Repository is clean, all done!