Bug 209293 - dev-libs/glib-2.14.6 fixes potential buffer overflow in included pcre copy
Summary: dev-libs/glib-2.14.6 fixes potential buffer overflow in included pcre copy
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
Whiteboard: C1 [glsa]
Depends on: CVE-2008-0674
Reported: 2008-02-07 20:50 UTC by Mart Raudsepp
Modified: 2020-04-04 12:15 UTC
Description Mart Raudsepp gentoo-dev 2008-02-07 20:50:58 UTC
Per bug 209067 libpcre-7.6 fixes a buffer overflow issue:

1.  A character class containing a very large number of characters with
    codepoints greater than 255 (in UTF-8 mode, of course) caused a buffer

dev-libs/glib includes a copy of libpcre since 2.14.0 that we also use (instead of the system pcre) for GRegex API due to the copy including patches useful for GRegex, but not yet in pcre. Therefore glib is affected by this as well, for glib users that use the GRegex API. The internal copy of pcre has been updated to 7.6 in glib-2.14.6 and it is also now in the portage tree.

Security team: glib from 2.14.0 through 2.14.5 is vulnerable to this bug, while 2.14.6 is fixed with the update of the copy and earlier (2.12.* and earlier) did not have GRegex and included pcre.

Arch teams: please stabilize glib-2.14.6 - its only changes compared to glib-2.14.5 are the updated pcre and a couple translation updates.
Comment 1 Markus Meier gentoo-dev 2008-02-07 21:10:55 UTC
x86 stable
Comment 2 Brent Baude (RETIRED) gentoo-dev 2008-02-08 00:04:52 UTC
ppc64 stable
Comment 3 Brent Baude (RETIRED) gentoo-dev 2008-02-08 00:12:24 UTC
ppc64 stable
Comment 4 Tobias Scherbaum (RETIRED) gentoo-dev 2008-02-08 08:31:24 UTC
ppc stable
Comment 5 Jeroen Roovers (RETIRED) gentoo-dev 2008-02-08 14:00:41 UTC
Stable for HPPA.
Comment 6 Raúl Porcel (RETIRED) gentoo-dev 2008-02-08 15:54:08 UTC
alpha/ia64/sparc stable
Comment 7 Olivier Crete (RETIRED) gentoo-dev 2008-02-10 22:12:43 UTC
amd64 done
Comment 8 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2008-02-11 20:28:51 UTC
AFAIK impact is still unknown for PCRE.
Comment 9 Peter Volkov (RETIRED) gentoo-dev 2008-02-23 17:28:41 UTC
Fixed in release snapshot.
Comment 10 Robert Buchholz (RETIRED) gentoo-dev 2008-03-04 14:21:39 UTC
glsa together with bug 209067.
Comment 11 Tobias Heinlein (RETIRED) gentoo-dev 2008-03-19 23:04:37 UTC
GLSA 200803-24