Quoting from ChangeLog (8.44): "6. Check the size of the number after (?C as it is read, in order to avoid integer overflow." "7. Tidy up left shifts to avoid sanitize warnings; also fix one NULL deference in pcretest." Quoting from ChangeLog (8.43): "7. Fix subject buffer overread in JIT when UTF is disabled and \X or \R has a greater than 1 fixed quantifier. This issue was found by Yunho Kim."
@maintainer(s), please advise if ready for stabilisation, or call yourself
ping
@Sam James hi,I found this testcase could reproduce the bug in pcre2, but in pcre 8.42, I could not reproduce it. /\X*/ \xF3aaa\xE4\xEA\xEB\XFEa Could you provide the suitable testcase for me to veritfy this change?
arm64 done
arm stable
x86 stable
amd64 stable
ppc done
sparc stable
commit 4b467aaca13059e5b4438bc98de65f00c45dc8f1 Author: Sam James <sam@gentoo.org> Date: Thu Sep 3 23:42:29 2020 +0000 dev-libs/libpcre: ppc64 stable (bug #717920)
hppa stable
s390: ping
s390 stable. Maintainer(s), please cleanup. Security, please vote.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=577e461933395f3e973e0c153e3a1080cdf0a284 commit 577e461933395f3e973e0c153e3a1080cdf0a284 Author: Lars Wendler <polynomial-c@gentoo.org> AuthorDate: 2020-09-18 10:29:29 +0000 Commit: Lars Wendler <polynomial-c@gentoo.org> CommitDate: 2020-09-18 10:30:10 +0000 dev-libs/libpcre: Security cleanup Bug: https://bugs.gentoo.org/717920 Package-Manager: Portage-3.0.7, Repoman-3.0.1 Signed-off-by: Lars Wendler <polynomial-c@gentoo.org> dev-libs/libpcre/Manifest | 2 - dev-libs/libpcre/libpcre-8.42.ebuild | 96 ------------------------------------ dev-libs/libpcre/libpcre-8.43.ebuild | 96 ------------------------------------ 3 files changed, 194 deletions(-)
GLSA Vote: No Repository is clean, all done!
