← Back to team overview

landing-team-changes team mailing list archive

  1. landing-team-changes team
  2. Mailing list archive
  3. Message #06701

[stable-overlay] pcre3 (2:8.35-3.3ubuntu1.3)

  Thread PreviousDate PreviousThread Next 
Uploaded to the Stable Phone Overlay PPA (~ci-train-ppa-service/ubuntu/stable-phone-overlay vivid) archive

---------------
Format: 1.8
Date: Fri, 27 Jan 2017 15:16:02 -0600
Source: pcre3
Binary: libpcre3 libpcre3-udeb libpcrecpp0 libpcre3-dev libpcre3-dbg pcregrep
Architecture: source
Version: 2:8.35-3.3ubuntu1.3
Distribution: vivid-security
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@xxxxxxxxxxxxxxxx>
Changed-By: Emily Ratliff <emily.ratliff@xxxxxxxxxxxxx>
Description:
 libpcre3   - Perl 5 Compatible Regular Expression Library - runtime files
 libpcre3-dbg - Perl 5 Compatible Regular Expression Library - debug symbols
 libpcre3-dev - Perl 5 Compatible Regular Expression Library - development files
 libpcre3-udeb - Perl 5 Compatible Regular Expression Library - runtime files (ude (udeb)
 libpcrecpp0 - Perl 5 Compatible Regular Expression Library - C++ runtime files
 pcregrep   - grep utility that uses perl 5 compatible regexes.
Changes:
 pcre3 (2:8.35-3.3ubuntu1.3) vivid-security; urgency=medium
 .
   * SECURITY UPDATE: fix multiple security issues by applying patches
     from Debian jessie package:
     - 0001-Fix-compile-time-loop-for-recursive-reference-within.patch
     - 794589-information-disclosure.patch
     - 0001-Fix-buffer-overflow-for-repeated-conditional-when-re.patch
     - 0001-Fix-named-forward-reference-to-duplicate-group-numbe.patch
     - 0001-Fix-buffer-overflow-for-lookbehind-within-mutually-r.patch
     - 0001-Add-integer-overflow-check-to-n-code.patch
     - 0001-Fix-overflow-when-ovector-has-size-1.patch
     - 0001-Fix-infinite-recursion-in-the-JIT-compiler-when-cert.patch
     - 0001-Fix-bug-for-classes-containing-sequences.patch
     - 0001-Fix-run-for-ever-bug-for-deeply-nested-sequences.patch
     - 0001-Fix-buffer-overflow-for-named-references-in-situatio.patch
     - 0001-Make-pcregrep-q-override-l-and-c-for-compatibility-w.patch
     - 0001-Add-missing-integer-overflow-checks.patch
     - 0001-Hack-in-yet-other-patch-for-a-bug-in-size-computatio.patch
     - debian/patches/fix_test11.patch: fix test failure caused by
       0001-Fix-buffer-overflow-for-named-references-in-situatio.patch.
     - debian/patches/fix_typo_in_jit.patch: fix typo in commit in
       0001-Fix-infinite-recursion-in-the-JIT-compiler-when-cert.patch.
     - CVE-2015-2327, CVE-2015-2328, CVE-2015-8380, CVE-2015-8381,
       CVE-2015-8382, CVE-2015-8383, CVE-2015-8384, CVE-2015-8385,
       CVE-2015-8386, CVE-2015-8387, CVE-2015-8388, CVE-2015-8389,
       CVE-2015-8390, CVE-2015-8391, CVE-2015-8392, CVE-2015-8393,
       CVE-2015-8394, CVE-2015-8395
   * SECURITY UPDATE: denial of service and possible code execution via
     crafted regular expression
     - debian/patches/CVE-2016-1283.patch: fix another duplicate name issue
       in pcre_compile.c, add tests to testdata/testinput2,
       testdata/testoutput2.
     - CVE-2016-1283
   * SECURITY UPDATE: denial of service via pattern containing (*ACCEPT)
     substring with nested parantheses
     - debian/patches/apply-upstream-revision-1631-closes-8159: fix
       workspace overflow for (*ACCEPT) with deeply nested parentheses in
       pcreposix.c, pcre_compile.c, pcre_internal.h, add tests to
       testdata/testoutput11-8, testdata/testoutput11-16,
      testdata/testinput11, testdata/testoutput11-32.
     - CVE-2016-3191
   * SECURITY UPDATE: nested alternatives segfault when JIT is used
     - debian/patches/CVE-2014-9769.patch: fixed issue with nested table
       jumps in pcre_jit_compile.c, added test to testdata/testinput1,
       testdata/testoutput1.
     - CVE-2014-9769
Checksums-Sha1:
 689e899583df7a32412ac3dfcfefb100582a9c77 2070 pcre3_8.35-3.3ubuntu1.3.dsc
 7dc7bee43a83b3d07f73fff8b206bd6c04dee13b 42941 pcre3_8.35-3.3ubuntu1.3.debian.tar.gz
Checksums-Sha256:
 72eb851a7f01881ca88e182124a51ca1a77c6e04ae31b4c1913ea86fb5c68244 2070 pcre3_8.35-3.3ubuntu1.3.dsc
 04d684a8eb5e5ab029123a3b05e76084181038cfb46e3154791f94ba2672f8ca 42941 pcre3_8.35-3.3ubuntu1.3.debian.tar.gz
Files:
 81fea4e65ad410db4ed9c8221b568324 2070 libs optional pcre3_8.35-3.3ubuntu1.3.dsc
 bae72eb6bd87478ed8a796d3d3c8833a 42941 libs optional pcre3_8.35-3.3ubuntu1.3.debian.tar.gz
Original-Maintainer: Mark Baker <mark@xxxxxxxxxx>
  Thread PreviousDate PreviousThread Next