pcre3 2:8.35-3.3+deb8u2 source package in Debian

Changelog

pcre3 (2:8.35-3.3+deb8u2) jessie; urgency=medium

  * Non-maintainer upload.
  * Add additional CVE references and bug closer to previous changelog.
    CVE-2015-2327 fix was included in the previous 2:8.35-3.3+deb8u1 upload.
    CVE-2015-8384 different issue than CVE-2015-3210 but fixed with same
    commit.
    CVE-2015-8388 different issue than CVE-2015-5073 but fixed with same
    commit.
    Add bug closer to bugs in the BTS retrospectively.
  * Add 0001-Fix-compile-time-loop-for-recursive-reference-within.patch.
    CVE-2015-2328: Stack-based buffer overflow in compile_regex().
  * Add 794589-information-disclosure.patch.
    CVE-2015-8382: Fix "pcre_exec does not fill offsets for certain regexps"
    leading to information disclosure. (Closes: #794589)
  * Add 0001-Fix-buffer-overflow-for-repeated-conditional-when-re.patch.
    CVE-2015-8383: Buffer overflow caused by repeated conditional group.
  * Add 0001-Fix-named-forward-reference-to-duplicate-group-numbe.patch.
    CVE-2015-8385: Buffer overflow caused by forward reference by name to
    certain group.
  * Add 0001-Fix-buffer-overflow-for-lookbehind-within-mutually-r.patch.
    CVE-2015-8386: Buffer overflow caused by lookbehind assertion.
  * Add 0001-Add-integer-overflow-check-to-n-code.patch.
    CVE-2015-8387: Integer overflow in subroutine calls.
  * Add 0001-Fix-overflow-when-ovector-has-size-1.patch.
    CVE-2015-8380: Heap-based buffer overflow in pcre_exec. (Closes: #806467)
  * Add 0001-Fix-infinite-recursion-in-the-JIT-compiler-when-cert.patch.
    CVE-2015-8389: Infinite recursion in JIT compiler when processing
    certain patterns.
  * Add 0001-Fix-bug-for-classes-containing-sequences.patch.
    CVE-2015-8390: Reading from uninitialized memory when processing certain
    patterns.
  * Add 0001-Fix-run-for-ever-bug-for-deeply-nested-sequences.patch.
    CVE-2015-8391: Some pathological patterns cause pcre_compile() to run
    for a very long time.
  * Add 0001-Fix-buffer-overflow-for-named-references-in-situatio.patch.
    CVE-2015-8392: Buffer overflow caused by certain patterns with
    duplicated named groups.
  * Add 0001-Make-pcregrep-q-override-l-and-c-for-compatibility-w.patch.
    CVE-2015-8393: Information leak when running pcregrep -q on crafted
    binary.
  * Add 0001-Add-missing-integer-overflow-checks.patch.
    CVE-2015-8394: Integer overflow caused by missing check for certain
    conditions.
  * Add 0001-Hack-in-yet-other-patch-for-a-bug-in-size-computatio.patch.
    CVE-2015-8381: Heap Overflow in compile_regex().
    CVE-2015-8395: Buffer overflow caused by certain references.
    (Closes: #796762)

 -- Salvatore Bonaccorso <email address hidden>  Tue, 29 Dec 2015 09:19:11 +0100

Upload details

Uploaded by: Mark Baker
Uploaded to: Sid
Original maintainer: Mark Baker
Architectures: any
Section: libs
Urgency: Medium Urgency

Downloads

File Size SHA-256 Checksum
pcre3_8.35-3.3+deb8u2.dsc 1.9 KiB 59b440caac5376cb4df1617b4c9a7b4c3ec9d34dd79e222fd041e1cb6157fd17
pcre3_8.35.orig.tar.gz 1.9 MiB 1c9ee292943ba2737f127b481a3f72f44c13fbd09a7b5b4eb8fa58650cfa56a0
pcre3_8.35-3.3+deb8u2.debian.tar.gz 33.8 KiB e44841b424bac5d292151ba9d4e2a56246064e506f18cc28422dd1f0c47d3095

No changes file available.