dx-packages team mailing list archive

Thread
Date

[Bug 2103918] [NEW] nux needs to stop using pcre3

To: dx-packages@xxxxxxxxxxxxxxxxxxx
From: Jeremy Bícha <2103918@xxxxxxxxxxxxxxxxxx>
Date: Sun, 23 Mar 2025 12:55:23 -0000
Reply-to: Bug 2103918 <2103918@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx

*** This bug is a security vulnerability ***

Public security bug reported:

pcre3 is the **older** version. pcre2 is the newer version.

nux appears to basically be the last thing in Ubuntu keeping pcre3 in
Ubuntu. pcre3 is a security-sensitive library and is no longer
maintained upstream. pcre2 is enough different from pcre3 that it is
complicated to backport security fixes.

pcre3 is basically only used in Nux/Validator.cpp

** Affects: nux (Ubuntu)
     Importance: High
         Status: Triaged


** Tags: plucky

-- 
You received this bug notification because you are a member of DX
Packages, which is subscribed to nux in Ubuntu.
Matching subscriptions: dx-packages
https://bugs.launchpad.net/bugs/2103918

Title:
  nux needs to stop using pcre3

Status in nux package in Ubuntu:
  Triaged

Bug description:
  pcre3 is the **older** version. pcre2 is the newer version.

  nux appears to basically be the last thing in Ubuntu keeping pcre3 in
  Ubuntu. pcre3 is a security-sensitive library and is no longer
  maintained upstream. pcre2 is enough different from pcre3 that it is
  complicated to backport security fixes.

  pcre3 is basically only used in Nux/Validator.cpp

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nux/+bug/2103918/+subscriptions