git.ipfire.org Git - thirdparty/openembedded/openembedded-core-contrib.git/commit
libpcre2: Fix CVE-2017-7186 rbt/pcre
author Robert Yang <liezhi.yang@windriver.com>
Tue, 29 Aug 2017 09:12:01 +0000 (02:12 -0700)
committer Robert Yang <liezhi.yang@windriver.com>
Wed, 30 Aug 2017 00:47:21 +0000 (17:47 -0700)
commit 6041037c68eda7d2ce7d31ee5c81d6d193bc6cf0
tree 82d12176370736492ad2c3a924f0c8a04103bb01
parent b880c92a7789b5b0d630252ee84d0cc0e10863e8
libpcre2: Fix CVE-2017-7186

A fuzz on libpcre1 through the pcretest utility revealed an invalid read in the
library. For those interested in a detailed description of the bug, feedback
from upstream follows:

This was a genuine bug in the 32-bit library. Thanks for finding it. The crash
was caused by trying to find a Unicode property for a code value greater than
0x10ffff, the Unicode maximum, when running in non-UTF mode (where character
values can be up to 0xffffffff).

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
meta/recipes-support/libpcre/libpcre2/libpcre2-CVE-2017-7186.patch [new file with mode: 0644]
meta/recipes-support/libpcre/libpcre2_10.23.bb
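
The bounds condition in the upstream feedback, as an added example that is not the code from this commit's patch or from PCRE2: a constructed two-stage property table (table names, block size and contents are assumptions) whose lookup is guarded so that 32-bit code values above 0x10ffff never index it.

```c
#include <stdint.h>
#include <stdio.h>

#define UNICODE_MAX 0x10ffffu            /* highest valid Unicode code point */
#define BLOCK_SHIFT 7                    /* assumed: 128 code points per block */
#define BLOCK_SIZE  (1u << BLOCK_SHIFT)
#define STAGE1_LEN  ((UNICODE_MAX + 1u) >> BLOCK_SHIFT)  /* 0x2200 blocks */

enum { PROP_UNASSIGNED = 0, PROP_LETTER = 1 };

/* Constructed toy data: block 0 uses row 1, every other block uses row 0. */
static const uint8_t stage1[STAGE1_LEN] = { [0] = 1 };
static const uint8_t stage2[2][BLOCK_SIZE] = {
    [1] = { ['A'] = PROP_LETTER, ['a'] = PROP_LETTER },
};

/* Would an unguarded lookup stay inside stage1 for this code value? */
static int stage1_index_in_bounds(uint32_t c)
{
    return (c >> BLOCK_SHIFT) < STAGE1_LEN;
}

/* Guarded lookup: values above the Unicode maximum have no property record,
   so they are answered without touching the tables. */
static int lookup_prop(uint32_t c)
{
    if (c > UNICODE_MAX)
        return PROP_UNASSIGNED;
    return stage2[stage1[c >> BLOCK_SHIFT]][c & (BLOCK_SIZE - 1u)];
}

int main(void)
{
    /* Constructed inputs: two valid code points, then two 32-bit non-UTF values. */
    const uint32_t samples[] = { 'A', UNICODE_MAX, 0x110000u, 0xffffffffu };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("0x%08x in_bounds=%d prop=%d\n", (unsigned)samples[i],
               stage1_index_in_bounds(samples[i]), lookup_prop(samples[i]));
    return 0;
}
```

The first value past the Unicode maximum, 0x110000, already maps to block 0x2200, one past the end of the constructed first-stage table, which is why the guard compares against 0x10ffff rather than against the width of the code unit.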