Details at $URL.
@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
CVE ID: CVE-2017-7186
Summary: libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup.
Same fix like bug 614054.
See https://bugs.exim.org/show_bug.cgi?id=2052 and https://bugs.exim.org/show_bug.cgi?id=2054
Oh dear, we will need to create a tracker bug for the PCRE vulns. pcre2 bug is bug 614050.
Freeing CVE alias for tracking bug.
Fixed in >=dev-libs/libpcre-8.41, stabilization will happen in bug 614052.
This issue was resolved and addressed in
GLSA 201710-25 at https://security.gentoo.org/glsa/201710-25
by GLSA coordinator Aaron Bauman (b-man).