aboutsummaryrefslogtreecommitdiffstats
path: root/meta/recipes-support/libpcre/libpcre2_10.23.bb
diff options
context:
space:
mode:
authorRobert Yang <liezhi.yang@windriver.com>2017-08-29 02:12:01 -0700
committerRobert Yang <liezhi.yang@windriver.com>2017-08-29 17:47:21 -0700
commit6041037c68eda7d2ce7d31ee5c81d6d193bc6cf0 (patch)
tree82d12176370736492ad2c3a924f0c8a04103bb01 /meta/recipes-support/libpcre/libpcre2_10.23.bb
parentb880c92a7789b5b0d630252ee84d0cc0e10863e8 (diff)
downloadopenembedded-core-contrib-rbt/pcre.tar.gz
openembedded-core-contrib-rbt/pcre.tar.bz2
openembedded-core-contrib-rbt/pcre.zip
libpcre2: Fix CVE-2017-7186rbt/pcre
A fuzz on libpcre1 through the pcretest utility revealed an invalid read in the library. For who is interested in a detailed description of the bug, will follow a feedback from upstream: This was a genuine bug in the 32-bit library. Thanks for finding it. The crash was caused by trying to find a Unicode property for a code value greater than 0x10ffff, the Unicode maximum, when running in non-UTF mode (where character values can be up to 0xffffffff). Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Diffstat (limited to 'meta/recipes-support/libpcre/libpcre2_10.23.bb')
-rw-r--r--meta/recipes-support/libpcre/libpcre2_10.23.bb1
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-support/libpcre/libpcre2_10.23.bb b/meta/recipes-support/libpcre/libpcre2_10.23.bb
index 63f8d51c9e..ca2b028e1c 100644
--- a/meta/recipes-support/libpcre/libpcre2_10.23.bb
+++ b/meta/recipes-support/libpcre/libpcre2_10.23.bb
@@ -13,6 +13,7 @@ LIC_FILES_CHKSUM = "file://LICENCE;md5=3de34df49e1fe3c3b59a08dff214488b"
SRC_URI = "https://ftp.pcre.org/pub/pcre/pcre2-${PV}.tar.bz2 \
file://pcre-cross.patch \
file://libpcre2-CVE-2017-8786.patch \
+ file://libpcre2-CVE-2017-7186.patch \
"
SRC_URI[md5sum] = "b2cd00ca7e24049040099b0a46bb3649"