-
pcre3 (2:8.39-3) unstable; urgency=high
* CVE-2017-7186: invalid Unicode property lookup may cause denial of
service (Closes: #858238)
-- Matthew Vernon <email address hidden> Tue, 21 Mar 2017 22:03:19 +0000
-
pcre3 (2:8.39-2.1) unstable; urgency=high
* Non-maintainer upload.
* CVE-2017-6004: crafted regular expression may cause denial of service
(Closes: #855405)
-- Salvatore Bonaccorso <email address hidden> Fri, 17 Feb 2017 15:56:09 +0100
-
pcre3 (2:8.39-2) unstable; urgency=low
* Update symbols file to reflect compilation with gcc6 (Closes: #811969)
-- Matthew Vernon <email address hidden> Fri, 19 Aug 2016 09:04:15 +0100
-
pcre3 (2:8.39-1) unstable; urgency=medium
[ Ian Jackson ]
* New upstream version (Closes: #832354).
- Drop CVE-2016-1283.patch (now in upstream).
- Adjusted sonames: bumped each minor number where upstream
bumped theirs.
[ Matthew Vernon ]
* Add notes encouraging people to move to pcre2
-- Matthew Vernon <email address hidden> Thu, 28 Jul 2016 16:58:55 +0100
-
pcre3 (2:8.38-3.1) unstable; urgency=medium
* Non-maintainer upload.
* CVE-2016-1283: heap buffer overflow in handling of duplicate named
groups (Closes: #809706)
-- Salvatore Bonaccorso <email address hidden> Tue, 22 Mar 2016 21:05:13 +0100
-
pcre3 (2:8.38-3) unstable; urgency=low
* Apply Ubuntu patch from Iain Lane (modified by Graham Inggs) to add
symbols files (Closes: #767374)
-- Matthew Vernon <email address hidden> Sun, 28 Feb 2016 11:24:52 +0000
-
pcre3 (2:8.38-1) unstable; urgency=low
* New upstream version
-- Matthew Vernon <email address hidden> Tue, 22 Dec 2015 13:37:39 +0000
-
pcre3 (2:8.35-8) unstable; urgency=low
* Remove conflicts with long-vanished pcre{1,2}-dev packages (so new PCRE2 packages can co-exist)
-- Matthew Vernon <email address hidden> Sat, 21 Nov 2015 15:35:13 +0000
-
pcre3 (2:8.35-7.4) unstable; urgency=medium
* Non-maintainer upload.
* Fix copy-and-paste error in Disable_JIT_on_sparc64.patch.
-- John Paul Adrian Glaubitz <email address hidden> Mon, 02 Nov 2015 18:51:13 +0100
-
pcre3 (2:8.35-7.2) unstable; urgency=low
* Non-maintainer upload (with maintainer's permission).
* Add Fix-compiler-crash-misbehaviour-for-zero-repeated-gr.patch.
Fixes "PCRE Library Stack Overflow Vulnerability" (Upstream bug 1503)
* Add Fix-compile-time-loop-for-recursive-reference-within.patch.
Fixes "PCRE Call Stack Overflow Vulnerability" (Upstream bug 1515)
* Add 794589-information-disclosure.patch.
Fixes "pcre_exec does not fill offsets for certain regexps" leading to
information disclosure. (Closes: #794589)
* Add Fix-bad-compile-for-groups-like-2-0-1999.patch.
CVE-2015-2325: heap buffer overflow in compile_branch(). (Closes: #781795)
* Add Fix-bad-compilation-for-patterns-like-1-1-with-forwa.patch.
CVE-2015-2326: heap buffer overflow in pcre_compile2(). (Closes: #783285)
* Add Fix-buffer-overflow-for-named-recursive-back-referen.patch.
CVE-2015-3210: heap buffer overflow in pcre_compile2() /
compile_regex(). (Closes: #787433)
-- Salvatore Bonaccorso <email address hidden> Fri, 11 Sep 2015 20:04:19 +0200
-
pcre3 (2:8.35-7.1) unstable; urgency=medium
* Rename libpcrecpp0 to libpcrecpp0v5. Addresses: #791236.
* Add Conflict/Replaces to the old library.
* Add libpcrecpp0v5 symbols file for GCC 5.
-- Matthias Klose <email address hidden> Tue, 04 Aug 2015 20:23:03 +0200
-
pcre3 (2:8.35-7) unstable; urgency=medium
* Apply upstream patch to fix buffer overflow for forward reference
within backward assertion with excess closing parenthesis
(Closes: #790000)
-- Matthew Vernon <email address hidden> Fri, 26 Jun 2015 08:08:55 +0100
-
pcre3 (2:8.35-6) unstable; urgency=low
[ Thorsten Glaser ]
* Re-add patch disabling JIT on powerpcspe and x32 (Closes: #760327)
* Add back missing debian/changelog entries for 1:8.35-3.2 and 1:8.36-1
-- Matthew Vernon <email address hidden> Sat, 13 Jun 2015 11:45:25 +0100
-
pcre3 (2:8.35-5) unstable; urgency=low
* re-enable jit on ppc64el (by dropping the patch that disables it)
(Closes: #786530)
* patch from Frederic Bonnard to fix the watch file (Closes: #785726)
-- Matthew Vernon <email address hidden> Tue, 26 May 2015 08:27:56 +0100
-
pcre3 (2:8.35-3.3+deb8u4) jessie; urgency=medium
* Non-maintainer upload.
* Add 0001-Fixed-an-issue-with-nested-table-jumps.patch.
Fixes issue with nested table jumps. (Closes: #819050)
-- Salvatore Bonaccorso <email address hidden> Fri, 25 Mar 2016 19:58:10 +0100
-
pcre3 (2:8.35-3.3+deb8u2) jessie; urgency=medium
* Non-maintainer upload.
* Add additional CVE references and bug closer to previous changelog.
CVE-2015-2327 fix was included in the previous 2:8.35-3.3+deb8u1 upload.
CVE-2015-8384 different issue than CVE-2015-3210 but fixed with same
commit.
CVE-2015-8388 different issue than CVE-2015-5073 but fixed with same
commit.
Add bug closer to bugs in the BTS retrospectively.
* Add 0001-Fix-compile-time-loop-for-recursive-reference-within.patch.
CVE-2015-2328: Stack-based buffer overflow in compile_regex().
* Add 794589-information-disclosure.patch.
CVE-2015-8382: Fix "pcre_exec does not fill offsets for certain regexps"
leading to information disclosure. (Closes: #794589)
* Add 0001-Fix-buffer-overflow-for-repeated-conditional-when-re.patch.
CVE-2015-8383: Buffer overflow caused by repeated conditional group.
* Add 0001-Fix-named-forward-reference-to-duplicate-group-numbe.patch.
CVE-2015-8385: Buffer overflow caused by forward reference by name to
certain group.
* Add 0001-Fix-buffer-overflow-for-lookbehind-within-mutually-r.patch.
CVE-2015-8386: Buffer overflow caused by lookbehind assertion.
* Add 0001-Add-integer-overflow-check-to-n-code.patch.
CVE-2015-8387: Integer overflow in subroutine calls.
* Add 0001-Fix-overflow-when-ovector-has-size-1.patch.
CVE-2015-8380: Heap-based buffer overflow in pcre_exec. (Closes: #806467)
* Add 0001-Fix-infinite-recursion-in-the-JIT-compiler-when-cert.patch.
CVE-2015-8389: Infinite recursion in JIT compiler when processing
certain patterns.
* Add 0001-Fix-bug-for-classes-containing-sequences.patch.
CVE-2015-8390: Reading from uninitialized memory when processing certain
patterns.
* Add 0001-Fix-run-for-ever-bug-for-deeply-nested-sequences.patch.
CVE-2015-8391: Some pathological patterns causes pcre_compile() to run
for a very long time.
* Add 0001-Fix-buffer-overflow-for-named-references-in-situatio.patch.
CVE-2015-8392: Buffer overflow caused by certain patterns with
duplicated named groups.
* Add 0001-Make-pcregrep-q-override-l-and-c-for-compatibility-w.patch.
CVE-2015-8393: Information leak when running pcgrep -q on crafted
binary.
* Add 0001-Add-missing-integer-overflow-checks.patch.
CVE-2015-8394: Integer overflow caused by missing check for certain
conditions.
* Add 0001-Hack-in-yet-other-patch-for-a-bug-in-size-computatio.patch.
CVE-2015-8381: Heap Overflow in compile_regex().
CVE-2015-8395: Buffer overflow caused by certain references.
(Closes: #796762)
-- Salvatore Bonaccorso <email address hidden> Tue, 29 Dec 2015 09:19:11 +0100
-
pcre3 (2:8.35-3.3) unstable; urgency=medium
* Non-maintainer upload.
* Upstream patch for heap buffer overflow, CVE-2014-8964, taken from
1:8.36-1 (Closes: #770478)
Thanks to Salvatore Bonaccorso for the reminder.
-- Ivo De Decker <email address hidden> Sat, 06 Dec 2014 19:58:19 +0100