A remote or local user may be able to supply a specially crafted regular
expression to trigger a heap integer overflow in PCRE.
"Applications that parse untrusted regular expressions may be vulnerable."
Not sure that's very common. Should of course be fixed nevertheless.
PCRE 6.3 is available:
Created attachment 66565 [details]
Maybe a bit lame, but helps till the real ebuild comes
6.3 is in portage.
What's the m68k alias?
stable on ppc64
stable on mips.
Stable on ppc, added vapier for m68k.
Also stable on hppa.
stable on ppc-macos
We came, we tested, we alpha'd.
Security covered arches stable, ready for GLSA.
Thanks to everybody involved.
Minor issue: The GLSA says <6.3 is affected, but from the annnouncement it's <6.2.
I don't think we've ever had a 6.2 in Portage.