From b880c92a7789b5b0d630252ee84d0cc0e10863e8 Mon Sep 17 00:00:00 2001
From: Robert Yang <liezhi.yang@windriver.com>
Date: Mon, 28 Aug 2017 03:01:22 -0700
Subject: libpcre2: Fix CVE-2017-8786

The pcre2test.c in PCRE2 10.23 allows remote attackers to cause a denial of
service (heap-based buffer overflow) or possibly have unspecified other impact
via a crafted regular expression.

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
---
 meta/recipes-support/libpcre/libpcre2_10.23.bb | 1 +
 1 file changed, 1 insertion(+)

(limited to 'meta/recipes-support/libpcre/libpcre2_10.23.bb')

diff --git a/meta/recipes-support/libpcre/libpcre2_10.23.bb b/meta/recipes-support/libpcre/libpcre2_10.23.bb
index 794d973d71..63f8d51c9e 100644
--- a/meta/recipes-support/libpcre/libpcre2_10.23.bb
+++ b/meta/recipes-support/libpcre/libpcre2_10.23.bb
@@ -12,6 +12,7 @@ LIC_FILES_CHKSUM = "file://LICENCE;md5=3de34df49e1fe3c3b59a08dff214488b"
 
 SRC_URI = "https://ftp.pcre.org/pub/pcre/pcre2-${PV}.tar.bz2 \
            file://pcre-cross.patch \
+           file://libpcre2-CVE-2017-8786.patch \
 "
 
 SRC_URI[md5sum] = "b2cd00ca7e24049040099b0a46bb3649"
-- 
cgit 1.2.3-korg