Details at $URL. @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
CVE ID: CVE-2017-7245
Summary: Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file.
Published: 2017-03-23T21:59:00.000Z
Created attachment 475124: Patch for CVE-2017-7245
There seems to be a second CVE number for this: CVE-2017-7246
CVE-2017-7245 - https://bugzilla.redhat.com/show_bug.cgi?id=1437367
CVE-2017-7246 - https://bugzilla.redhat.com/show_bug.cgi?id=1437369
Both issues fixed in >=dev-libs/libpcre-8.41.
x86 stable
ia64 stable
arm stable
amd64 stable
alpha stable
sparc was dropped to exp. https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b5901d8f716555a1479f12313a2925fcadd177a9
ppc64 stable
ppc stable
hppa stable
This issue was resolved and addressed in GLSA 201710-25 at https://security.gentoo.org/glsa/201710-25 by GLSA coordinator Aaron Bauman (b-man).
re-opened for cleanup
sparc stable (thanks to Rolf Eike Beer)
arm64 stable (well, -r1 instead, for which we for some reason weren't CCed)
tree is clean.