- Update from version 10.45 to 10.46
- Update of rootfile
- Changelog
10.46
This is a security-only release, to address CVE-2025-58050.
Compared to 10.45, this release has only a minimal code change to prevent a
read-past-the-end memory error, of arbitrary length. An attacker-controlled
regex pattern is required, and it cannot be triggered by providing crafted
subject (match) text. The (*ACCEPT) and (*scs:) pattern features must be used
together.
Release 10.44 and earlier are not affected.
This could have implications of denial-of-service or information disclosure,
and could potentially be used to escalate other vulnerabilities in a system
(such as information disclosure being used to escalate the severity of an
unrelated bug in another system).
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
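
Added example, not part of the commit or of PCRE2's own code: a screen for untrusted patterns on hosts that still run the affected release, refusing any pattern that contains both features the changelog names. The function names, the sample strings and the `(*scan_substring:` long spelling of `(*scs:` are assumptions made for this example.

```python
import re

# Per the changelog above: only 10.45 is affected; 10.44 and earlier are not,
# and 10.46 carries the fix.
AFFECTED_RELEASES = {(10, 45)}

# Conservative textual checks: they also fire on literal text (for example
# inside \Q...\E), which is acceptable for a filter that must not miss.
ACCEPT_VERB = re.compile(r"\(\*ACCEPT[:)]")
# Assumption: (*scan_substring: is the long spelling of (*scs:.
SCAN_SUBSTRING = re.compile(r"\(\*(?:scs|scan_substring):")


def parse_release(version_string):
    """Extract (major, minor) from a version string beginning 'MAJOR.MINOR'."""
    m = re.match(r"\s*(\d+)\.(\d+)", version_string)
    if m is None:
        raise ValueError(f"unrecognised PCRE2 version: {version_string!r}")
    return int(m.group(1)), int(m.group(2))


def screen_pattern(pattern, version_string):
    """Return (allowed, reason) for an untrusted pattern on the given library."""
    if parse_release(version_string) not in AFFECTED_RELEASES:
        return True, "library release not affected"
    has_accept = ACCEPT_VERB.search(pattern) is not None
    has_scs = SCAN_SUBSTRING.search(pattern) is not None
    if has_accept and has_scs:
        return False, "(*ACCEPT) combined with (*scs:) on an affected release"
    return True, "feature combination not present"


def audit(patterns, version_string):
    """Return the indexes of the patterns that would be refused."""
    return [i for i, p in enumerate(patterns)
            if not screen_pattern(p, version_string)[0]]


# Constructed token-presence samples; deliberately not working patterns.
SAMPLES = [
    r"^[a-z]+\d{2}$",
    "<elided>(*ACCEPT)<elided>",
    "(*scs:<elided>)",
    "(*scs:<elided>(*ACCEPT)<elided>)",
    "(*scan_substring:<elided>(*ACCEPT:name)<elided>)",
]

if __name__ == "__main__":
    for version in ("10.44", "10.45", "10.46"):
        print(version, audit(SAMPLES, version))
```

The screen is a stop-gap for pattern-accepting services that cannot be restarted on 10.46 yet; it needs the version string of the library the process actually loads.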