[OE-core] [PATCH][jethro] libpcre: bug fixes include security
Burton, Ross
ross.burton at intel.com
Thu Jan 28 16:01:19 UTC 2016
Armin forgot the Jethro tag as this is fixed in master already.
On 27 January 2016 at 22:20, Armin Kuster <akuster808 at gmail.com> wrote:
> From: Armin Kuster <akuster at mvista.com>
>
> [Yocto # 9008]
>
> This is the next patch release for pcre. The 8.xx series now only contains
> bug fixes.
>
> http://www.pcre.org/original/changelog.txt
>
> The following security fixes are included:
> CVE-2015-3210 pcre: heap buffer overflow in pcre_compile2() /
> compile_regex()
> CVE-2015-3217 pcre: stack overflow in match()
> CVE-2015-5073 CVE-2015-8388 pcre: Buffer overflow caused by certain
> patterns with an unmatched closing parenthesis
>
> CVE-2015-8380 pcre: Heap-based buffer overflow in pcre_exec
> CVE-2015-8381 pcre: Heap Overflow in compile_regex()
> CVE-2015-8383 pcre: Buffer overflow caused by repeated conditional group
> CVE-2015-8384 pcre: Buffer overflow caused by recursive back reference by
> name within certain group
> CVE-2015-8385 pcre: Buffer overflow caused by forward reference by name to
> certain group
> CVE-2015-8386 pcre: Buffer overflow caused by lookbehind assertion
> CVE-2015-8387 pcre: Integer overflow in subroutine calls
> CVE-2015-8389 pcre: Infinite recursion in JIT compiler when processing
> certain patterns
> CVE-2015-8390 pcre: Reading from uninitialized memory when processing
> certain patterns
>
> CVE-2015-8392 pcre: Buffer overflow caused by certain patterns with
> duplicated named groups
> CVE-2015-8393 pcre: Information leak when running pcgrep -q on crafted
> binary
> CVE-2015-8394 pcre: Integer overflow caused by missing check for certain
> conditions
> CVE-2015-8395 pcre: Buffer overflow caused by certain references
> CVE-2016-1283 pcre: Heap buffer overflow in pcre_compile2 causes DoS
>
> Signed-off-by: Armin Kuster <akuster at mvista.com>
> ---
> meta/recipes-support/libpcre/{libpcre_8.37.bb => libpcre_8.38.bb} | 4
> ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
> rename meta/recipes-support/libpcre/{libpcre_8.37.bb => libpcre_8.38.bb}
> (94%)
>
> diff --git a/meta/recipes-support/libpcre/libpcre_8.37.bb
> b/meta/recipes-support/libpcre/libpcre_8.38.bb
> similarity index 94%
> rename from meta/recipes-support/libpcre/libpcre_8.37.bb
> rename to meta/recipes-support/libpcre/libpcre_8.38.bb
> index 1880639..c567607 100644
> --- a/meta/recipes-support/libpcre/libpcre_8.37.bb
> +++ b/meta/recipes-support/libpcre/libpcre_8.38.bb
> @@ -14,8 +14,8 @@ SRC_URI =
> "${SOURCEFORGE_MIRROR}/project/pcre/pcre/${PV}/pcre-${PV}.tar.bz2 \
> file://Makefile \
> "
>
> -SRC_URI[md5sum] = "ed91be292cb01d21bc7e526816c26981"
> -SRC_URI[sha256sum] =
> "51679ea8006ce31379fb0860e46dd86665d864b5020fc9cd19e71260eef4789d"
> +SRC_URI[md5sum] = "00aabbfe56d5a48b270f999b508c5ad2"
> +SRC_URI[sha256sum] =
> "b9e02d36e23024d6c02a2e5b25204b3a4fa6ade43e0a5f869f254f49535079df"
>
> S = "${WORKDIR}/pcre-${PV}"
>
> --
> 2.3.5
>
> --
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core at lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openembedded.org/pipermail/openembedded-core/attachments/20160128/09911225/attachment-0002.html>
More information about the Openembedded-core
mailing list