rtime.felk.cvut.cz Git - coffee/buildroot.git/commit
package/pcre: security bump to version 8.41
author Bernd Kuhls <bernd.kuhls@t-online.de>
Thu, 13 Jul 2017 19:39:28 +0000 (21:39 +0200)
committer Peter Korsgaard <peter@korsgaard.com>
Wed, 19 Jul 2017 14:31:53 +0000 (16:31 +0200)
commit 4f04881f1b7e1f749964f4f0e3250d6d85d0c47d
tree ec5d9d56ff12f9a4c9159b0e5eb252bd516761b6
parent 59045b2bb7b24473aca4dcaa230a975fe054e477
package/pcre: security bump to version 8.41

Removed patches 0003 & 0004, applied upstream.

Fixes the following security issues:

CVE-2017-7244 - The _pcre32_xclass function in pcre_xclass.c in libpcre1 in
PCRE 8.40 allows remote attackers to cause a denial of service (invalid
memory read) via a crafted file.

CVE-2017-7245 - Stack-based buffer overflow in the pcre32_copy_substring
function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to
cause a denial of service (WRITE of size 4) or possibly have unspecified
other impact via a crafted file.

CVE-2017-7246 - Stack-based buffer overflow in the pcre32_copy_substring
function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to
cause a denial of service (WRITE of size 268) or possibly have unspecified
other impact via a crafted file.

[Peter: add CVE info]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit bc6a84bb3d05e0d752ecf59bb35ac827e9b76185)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/pcre/0003-CVE-2017-6004.patch [deleted file]
package/pcre/0004-CVE-2017-7186.patch [deleted file]
package/pcre/pcre.hash
package/pcre/pcre.mk