
Bug 614050

Summary: <dev-libs/libpcre2-10.30: invalid memory read in match (pcre_exec.c) (CVE-2017-7186)
Product: Gentoo Security
Reporter: Agostino Sarubbo <ago>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: minor
CC: gentoo-bugs, polynomial-c
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://blogs.gentoo.org/ago/2017/03/14/libpcre-invalid-memory-read-in-match-pcre_exec-c/
Whiteboard: B3 [glsa cve]
Package list:
Runtime testing required: ---
Bug Depends on: 617944    
Bug Blocks: 620660    

Description Agostino Sarubbo gentoo-dev 2017-03-27 09:47:09 UTC
Details at $URL.


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Yury German Gentoo Infrastructure gentoo-dev 2017-03-28 04:44:22 UTC
    CVE ID: CVE-2017-7186
   Summary: libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup.
 Published: 2017-03-20T00:59:00.000Z
Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev 2017-08-18 16:09:20 UTC
Fixed in >=dev-libs/libpcre2-10.30, stabilization will happen in bug 617944.
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2017-10-08 14:43:24 UTC
This issue was resolved and addressed in
 GLSA 201710-09 at https://security.gentoo.org/glsa/201710-09
by GLSA coordinator Aaron Bauman (b-man).