Age | Commit message (Collapse) | Author |
|
A fuzz on libpcre1 through the pcretest utility revealed an invalid read in the
library. For who is interested in a detailed description of the bug, will
follow a feedback from upstream:
This was a genuine bug in the 32-bit library. Thanks for finding it. The crash
was caused by trying to find a Unicode property for a code value greater than
0x10ffff, the Unicode maximum, when running in non-UTF mode (where character
values can be up to 0xffffffff).
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The pcre2test.c in PCRE2 10.23 allows remote attackers to cause a denial of
service (heap-based buffer overflow) or possibly have unspecified other impact
via a crafted regular expression.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
It is used in NVD as product name for CVE's like:
https://nvd.nist.gov/vuln/detail/CVE-2017-8786
Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
1. Upgrade libpcre2 from 10.22 to 10.23
2. Update the checksum of LIC_FILES_CHKSUM
The copyright time of LICENCE is updated to 2017, the content of LICENCE has no change.
Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|