Summary: | <dev-libs/libpcre-8.38-r1: stack buffer overflow for (*ACCEPT) with deeply nested parentheses | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Kristian Fiskerstrand (RETIRED) <k_f> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | base-system |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugs.exim.org/show_bug.cgi?id=1791 | ||
See Also: | https://bugzilla.redhat.com/show_bug.cgi?id=1311503 https://bugs.exim.org/show_bug.cgi?id=1791 | ||
Whiteboard: | A2 [glsa] | ||
Package list: | | Runtime testing required: | --- |
Bug Depends on: | |||
Bug Blocks: | 570694 |
Description
Kristian Fiskerstrand (RETIRED)
2016-02-24 11:48:27 UTC
The issue is fixed upstream in pcre and pcre2 via the following commits:
http://vcs.pcre.org/pcre?view=revision&revision=1631
http://vcs.pcre.org/pcre2?view=revision&revision=489

added upstream patches; should be fine to stable:
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cee01d4f06b3984b8211bd3c27358f7d18cf90fb

@arches, please stabilize:
=dev-libs/libpcre-8.38-r1

Added to existing GLSA.

Stable on alpha.

Stable for HPPA PPC64.

arm stable

amd64 stable

x86 stable

ppc stable

sparc stable

ia64 stable

Removing unstable arches.

@maintainer(s), please cleanup.

This issue was resolved and addressed in GLSA 201607-02 at https://security.gentoo.org/glsa/201607-02 by GLSA coordinator Aaron Bauman (b-man).

Re-opening for cleanup. @maintainer(s), please cleanup the vulnerable versions.

@maintainers, bump for cleanup.

Maintainer(s), please drop the vulnerable version(s). Version: 8.38 : 3

Any reason these cannot be cleaned?

commit fb22a9ea0a8b6b4e3911d5360779c9740df08f46
Author: Lars Wendler <polynomial-c@gentoo.org>
Date: Mon Oct 10 13:37:59 2016

    dev-libs/libpcre: Security cleanup (bug #575546).

    Package-Manager: portage-2.3.1
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

Thanks again!