-
pcre3 (1:8.31-2ubuntu2.3) trusty; urgency=medium
* Fix empty-matching possessive zero-repeat groups bug (LP: #1456195)
-- Arne de Bruijn <ubuntu@2ar.nl> Wed, 13 Apr 2016 10:51:02 +0200
-
pcre3 (1:8.31-2ubuntu2.2) trusty-security; urgency=medium
* SECURITY UPDATE: fix multiple security issues by applying patches
from Debian jessie package:
- 0001-Fix-overflow-when-ovector-has-size-1.patch
- 794589-information-disclosure.patch
- 0001-Fix-buffer-overflow-for-lookbehind-within-mutually-r.patch
- 0001-Add-integer-overflow-check-to-n-code.patch
- 0001-Fix-bug-for-classes-containing-sequences.patch
- 0001-Fix-run-for-ever-bug-for-deeply-nested-sequences.patch
- 0001-Make-pcregrep-q-override-l-and-c-for-compatibility-w.patch
- 0001-Add-missing-integer-overflow-checks.patch
- 0001-Fix-compile-time-loop-for-recursive-reference-within.patch
- 0001-Fix-named-forward-reference-to-duplicate-group-numbe.patch
- CVE-2015-2328, CVE-2015-8380, CVE-2015-8382, CVE-2015-8385,
CVE-2015-8386, CVE-2015-8387, CVE-2015-8390, CVE-2015-8391,
CVE-2015-8393, CVE-2015-8394
* SECURITY UPDATE: denial of service via pattern containing (*ACCEPT)
substring with nested parantheses
- debian/patches/apply-upstream-revision-1631-closes-8159: fix
workspace overflow for (*ACCEPT) with deeply nested parentheses in
pcreposix.c, pcre_compile.c, pcre_internal.h, add tests to
testdata/testoutput11-8, testdata/testoutput11-16,
testdata/testinput11.
- CVE-2016-3191
* debian/rules: set make check to verbose.
-- Marc Deslauriers <email address hidden> Fri, 25 Mar 2016 07:55:28 -0400
-
pcre3 (1:8.31-2ubuntu2.1) trusty-security; urgency=low
[ Seyeong Kim ]
* SECURITY UPDATE: Heap buffer overflow in pcregrep
- debian/patches/cve-2014-8964.patch: add ecode check.
Based on upstream
- CVE-2014-8964
* SECURITY UPDATE: PCRE Library Heap Overflow Vulnerability
- debian/patches/cve-2015-2325.patch: change some variables
pointer to integer, and related contents. Based on upstream patch
- CVE-2015-2325
* SECURITY UPDATE: PCRE Library Heap overflow Vulnerability II
- debian/patches/cve-2015-2326.patch: take save_hwm_offset out
from adjust_recurse. Based on upstream patch
- CVE-2015-2326
* SECURITY UPDATE: PCRE Library Heap Overflow Vulnerability in
find_fixedlength()
- debian/patches/cve-2015-5073.patch: add compare errorcode
missing test code. Based on upstream patch
- CVE-2015-5073
[ Marc Deslauriers ]
* debian/patches/cve-2015-2325.patch: updated to fix test suite failure
because of lack of auto-possessification in older pcre.
-- Marc Deslauriers <email address hidden> Fri, 24 Jul 2015 07:57:19 -0400
-
pcre3 (1:8.31-2ubuntu2) trusty; urgency=low
* Don't patch the soname in the generated configure file, but in
configure.ac.
* Add symbols files to catch the practice to only change the soname
in the generated files.
-- Matthias Klose <email address hidden> Tue, 03 Dec 2013 14:18:01 +0100
-
pcre3 (1:8.31-2ubuntu1) trusty; urgency=low
* Use dh-autoreconf to update config files.
* Use explicit stamp for the configure target.
* Honor dpkg-buildflags.
* Enable parallel builds.
* Configure with --disable-silent-rules.
-- Matthias Klose <email address hidden> Tue, 03 Dec 2013 12:58:45 +0100
-
pcre3 (1:8.31-2) unstable; urgency=low
* Build -dev package as Multi-arch: same. Thanks Steve Langasek / Ubuntu
for the patch (Closes: 696217)
-- Mark Baker <email address hidden> Thu, 03 Jan 2013 20:30:05 +0000
