You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

41 lines
1.5 KiB

[COPY] --- SDE-COPYRIGHT-NOTE-BEGIN ---
[COPY] This copyright note is auto-generated by ./scripts/Create-CopyPatch.
[COPY]
[COPY] Filename: package/.../pcre/pcre.desc
Updated pcre (7.2 -> 7.6) : SECURITY - CRITICAL CVE-2007-1659 (Medium) : Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via regex patters containing unmatched "\Q\E" sequences with orphan "\E" codes. CVE-2007-1660 (Medium) : Perl-Compatible Regular Expression (PCRE) library before 7.3 does not properly calculate sizes for unspecified "multiple forms of character class", which triggers a buffer overflow that allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code. CVE-2007-1661 (Medium) : Perl-Compatible Regular Expression (PCRE) library before 7.3 backtracks too far when matching certain input bytes against some regex patterns in non-UTF-8 mode, which allows context-dependent attackers to obtain sensitive information or cause a denial of service (crash), as demonstrated by the "\X?\d" and "\P{L}?\d" patterns. CVE-2007-1662 (Medium) : Perl-Compatible Regular Expression (PCRE) library before 7.3 reads past the end of the string when searching for unmatched brackets and parentheses, which allows context-dependent attackers to cause a denial of service (crash), possibly involving forward references. CVE-2007-4766 (High) : Multiple integer overflows in Perl-Compatible Regular Expression (PCRE) library before 7.3 allow context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via unspecified escape (backslash) sequences. CVE-2007-4767 (Medium) : Perl-Compatible Regular Expression (PCRE) library before 7.3 does not properly compute the length of (1) a \p sequence, (2) a \P sequence, or (3) a \P{x} sequence, which allows context-dependent attackers to cause a denial of service (infinite loop or crash) or execute arbitrary code. CVE-2007-4768 (Medium) : Heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to execute arbitrary code via a singleton Unicode sequence in a character class in a regex pattern, which is incorrectly optimized.
17 years ago
[COPY] Copyright (C) 2006 - 2008 The OpenSDE Project
[COPY] Copyright (C) 2004 - 2006 The T2 SDE Project
[COPY] Copyright (C) 1998 - 2003 Clifford Wolf
[COPY]
[COPY] More information can be found in the files COPYING and README.
[COPY]
[COPY] This program is free software; you can redistribute it and/or modify
[COPY] it under the terms of the GNU General Public License as published by
[COPY] the Free Software Foundation; version 2 of the License. A copy of the
[COPY] GNU General Public License can be found in the file COPYING.
[COPY] --- SDE-COPYRIGHT-NOTE-END ---
[I] Perl Compatible Regulat Expressions
[T] The PCRE library is a set of functions that implement regular expression
[T] pattern matching using the same syntax and semantics as Perl 5. PCRE has
[T] its own native API, as well as a set of wrapper functions that correspond
[T] to the POSIX regular expression API. The PCRE library is free, even for
[T] building commercial software.
[T]
[T] PCRE was originally written for the Exim MTA, but is now used by many
[T] projects, including Python, Postfix, KDE, Analog, and PHP.
[U] http://www.pcre.org/
[A] Philip Hazel <ph10@cam.ac.uk>
[M] The OpenSDE Community <list@opensde.org>
[C] base/library
[L] BSD
[S] Stable
[V] 7.8
[P] X -?---5---9 110.000
[D] 1440148778 pcre-7.8.tar.bz2 ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/