projects / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 29f956d) | patch
package/pcre: security bump to version 8.41
authorBernd Kuhls <bernd.kuhls@t-online.de>
Thu, 13 Jul 2017 19:39:28 +0000 (21:39 +0200)
committerPeter Korsgaard <peter@korsgaard.com>
Thu, 13 Jul 2017 20:13:56 +0000 (22:13 +0200)
commitbc6a84bb3d05e0d752ecf59bb35ac827e9b76185
treedde5c457713372ae2bb14b2322b8b1f293c72de7tree
parent29f956d99c3b3b8a90258a88d79b6c76e724b714commit | diff
package/pcre: security bump to version 8.41

Removed patches 0003 & 0004, applied upstream.

Fixes the following security issues:

CVE-2017-7244 - The _pcre32_xclass function in pcre_xclass.c in libpcre1 in
PCRE 8.40 allows remote attackers to cause a denial of service (invalid
memory read) via a crafted file.

CVE-2017-7245 - Stack-based buffer overflow in the pcre32_copy_substring
function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to
cause a denial of service (WRITE of size 4) or possibly have unspecified
other impact via a crafted file.

CVE-2017-7246 - Stack-based buffer overflow in the pcre32_copy_substring
function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to
cause a denial of service (WRITE of size 268) or possibly have unspecified
other impact via a crafted file.

[Peter: add CVE info]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/pcre/0003-CVE-2017-6004.patch [deleted file] blob | history
package/pcre/0004-CVE-2017-7186.patch [deleted file] blob | history
package/pcre/pcre.hash diff | blob | history
package/pcre/pcre.mk diff | blob | history