
Updated pcre (7.2 -> 7.6) : SECURITY - CRITICAL

CVE-2007-1659 (Medium) :
Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent
attackers to cause a denial of service (crash) and possibly execute arbitrary code via regex
patterns containing unmatched "\Q\E" sequences with orphan "\E" codes.

CVE-2007-1660 (Medium) :
Perl-Compatible Regular Expression (PCRE) library before 7.3 does not properly calculate sizes
for unspecified "multiple forms of character class", which triggers a buffer overflow that allows
context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary
code.

CVE-2007-1661 (Medium) :
Perl-Compatible Regular Expression (PCRE) library before 7.3 backtracks too far when matching
certain input bytes against some regex patterns in non-UTF-8 mode, which allows
context-dependent attackers to obtain sensitive information or cause a denial of service (crash),
as demonstrated by the "\X?\d" and "\P{L}?\d" patterns.

CVE-2007-1662 (Medium) :
Perl-Compatible Regular Expression (PCRE) library before 7.3 reads past the end of the string
when searching for unmatched brackets and parentheses, which allows context-dependent
attackers to cause a denial of service (crash), possibly involving forward references.

CVE-2007-4766 (High) :
Multiple integer overflows in Perl-Compatible Regular Expression (PCRE) library before 7.3 allow
context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via
unspecified escape (backslash) sequences.

CVE-2007-4767 (Medium) :
Perl-Compatible Regular Expression (PCRE) library before 7.3 does not properly compute the
length of (1) a \p sequence, (2) a \P sequence, or (3) a \P{x} sequence, which allows
context-dependent attackers to cause a denial of service (infinite loop or crash) or execute
arbitrary code.

CVE-2007-4768 (Medium) :
Heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE) library before 7.3
allows context-dependent attackers to execute arbitrary code via a singleton Unicode sequence
in a character class in a regex pattern, which is incorrectly optimized.
Aldas Nabazas 17 years ago
commit 47cd5f07e0

base/pcre/pcre.desc

@ -3,7 +3,7 @@
[COPY] This copyright note is auto-generated by ./scripts/Create-CopyPatch.
[COPY]
[COPY] Filename: package/.../pcre/pcre.desc
[COPY] Copyright (C) 2006 - 2007 The OpenSDE Project
[COPY] Copyright (C) 2006 - 2008 The OpenSDE Project
[COPY] Copyright (C) 2004 - 2006 The T2 SDE Project
[COPY] Copyright (C) 1998 - 2003 Clifford Wolf
[COPY]
@ -32,12 +32,12 @@
[M] The OpenSDE Community <list@opensde.org>
[C] base/library
[F] LIBTOOL-QUIRK NOPARALLEL
[F] NOPARALLEL
[L] BSD
[S] Stable
[V] 7.2
[V] 7.6
[P] X -----5---9 110.000
[D] 1461738484 pcre-7.2.tar.bz2 ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/
[D] 2677790569 pcre-7.6.tar.bz2 ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/
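
Review bot: The [F] line in this hunk drops LIBTOOL-QUIRK and keeps only NOPARALLEL, but the commit message covers just the 7.2 to 7.6 security update; say in the message why the quirk is no longer needed for 7.6, or split that change into its own commit so the security bump can be reviewed and backported on its own. Separately, the new [D] line still fetches pcre-7.6.tar.bz2 over plain ftp:// and pins it with the 10-digit value 2677790569; for a release pulled in for CVE fixes, it is worth confirming that value against the tarball obtained through a second channel before merging.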
