Details at $URL.
@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
A fuzz on libpcre1 through the pcretest utility revealed an invalid memory read. Upstream says that this bug is fixed by one of the previous commits. However, I’m providing as usual the stacktrace and the reproducer, so if you are not running the latest upstream release, as happens on Debian/RHEL-based distros, you may want to check the status of this bug more carefully.
Created attachment 475122
Patch for CVE-2017-7244
> Revision: 1688
> Author: ph10
> Date: Friday, February 24, 2017 18:30:30
> Fix Unicode property crash for 32-bit characters greater than 0x10ffff.
> Modified : /code/trunk/ChangeLog
> Modified : /code/trunk/maint/MultiStage2.py
> Modified : /code/trunk/pcre_internal.h
> Modified : /code/trunk/pcre_ucd.c
(not yet released)
Fixed in >=dev-libs/libpcre-8.41, stabilization will happen in bug 614052.
This issue was resolved and addressed in
GLSA 201710-25 at https://security.gentoo.org/glsa/201710-25
by GLSA coordinator Aaron Bauman (b-man).