CVE-2019-19012 (https://nvd.nist.gov/vuln/detail/CVE-2019-19012): An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. (This only affects the 32-bit compiled version). Remote attackers can cause a denial-of-service or information disclosure, or possibly have unspecified other impact, via a crafted regular expression. CVE-2019-19203 (https://nvd.nist.gov/vuln/detail/CVE-2019-19203): An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function gb18030_mbc_enc_len in file gb18030.c, a UChar pointer is dereferenced without checking if it passed the end of the matched string. This leads to a heap-based buffer over-read. CVE-2019-19204 (https://nvd.nist.gov/vuln/detail/CVE-2019-19204): An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function fetch_interval_quantifier (formerly known as fetch_range_quantifier) in regparse.c, PFETCH is called without checking PEND. This leads to a heap-based buffer over-read.
amd64 stable
hppa/sparc stable
arm64 stable
ia64 stable
s390 stable
x86 stable
ppc64 stable
ppc stable
arm stable
thanks arches. @maintainer(s), ok to cleanup?
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=487aeb624b9001b520dc3d6340ab48bf86757881 commit 487aeb624b9001b520dc3d6340ab48bf86757881 Author: Thomas Deutschmann <whissi@gentoo.org> AuthorDate: 2020-03-25 20:26:27 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2020-03-25 20:26:27 +0000 dev-libs/oniguruma: security cleanup (bug #702012) Bug: https://bugs.gentoo.org/702012 Package-Manager: Portage-2.3.94, Repoman-2.3.21 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> dev-libs/oniguruma/Manifest | 1 - ...a-6.9.3-fix-heap-buffer-overflow-php78559.patch | 13 -------- ...a-6.9.3-fix-heap-buffer-overflow-php78633.patch | 25 --------------- dev-libs/oniguruma/oniguruma-6.9.3-r2.ebuild | 37 ---------------------- 4 files changed, 76 deletions(-)
GLSA Vote: No Repository is clean, all done!