aboutsummaryrefslogtreecommitdiffstats
path: root/meta/recipes-support/libpcre/libpcre2_10.23.bb
AgeCommit message (Collapse)Author
2017-08-29libpcre2: Fix CVE-2017-7186rbt/pcreRobert Yang
A fuzz on libpcre1 through the pcretest utility revealed an invalid read in the library. For who is interested in a detailed description of the bug, will follow a feedback from upstream: This was a genuine bug in the 32-bit library. Thanks for finding it. The crash was caused by trying to find a Unicode property for a code value greater than 0x10ffff, the Unicode maximum, when running in non-UTF mode (where character values can be up to 0xffffffff). Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
2017-08-29libpcre2: Fix CVE-2017-8786Robert Yang
The pcre2test.c in PCRE2 10.23 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression. Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
2017-07-24libpcre2_10.23.bb: set CVE_PRODUCT to pcre2Mikko Rapeli
It is used in NVD as product name for CVE's like: https://nvd.nist.gov/vuln/detail/CVE-2017-8786 Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de> Signed-off-by: Ross Burton <ross.burton@intel.com>
2017-06-28libpcre2: 10.22 -> 10.23Fan Xin
1. Upgrade libpcre2 from 10.22 to 10.23 2. Update the checksum of LIC_FILES_CHKSUM The copyright time of LICENCE is updated to 2017, the content of LICENCE has no change. Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-04-25 07:25:18 +0000