
<div dir="ltr">Armin forgot the Jethro tag as this is fixed in master already.<br><div class="gmail_extra"><br><div class="gmail_quote">On 27 January 2016 at 22:20, Armin Kuster <span dir="ltr">&lt;<a href="mailto:akuster808@gmail.com" target="_blank">akuster808@gmail.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">From: Armin Kuster &lt;<a href="mailto:akuster@mvista.com">akuster@mvista.com</a>&gt;<br>

<br>

[Yocto # 9008]<br>

<br>

This is the next patch release for pcre. The 8.xx series now only contains<br>

bug fixes.<br>

<br>

<a href="http://www.pcre.org/original/changelog.txt" rel="noreferrer" target="_blank">http://www.pcre.org/original/changelog.txt</a><br>

<br>

The following security fixes are included:<br>

CVE-2015-3210 pcre: heap buffer overflow in pcre_compile2() / compile_regex()<br>

CVE-2015-3217 pcre: stack overflow in match()<br>

CVE-2015-5073 CVE-2015-8388 pcre: Buffer overflow caused by certain patterns with an unmatched closing parenthesis<br>

<br>

CVE-2015-8380 pcre: Heap-based buffer overflow in pcre_exec<br>

CVE-2015-8381 pcre: Heap Overflow in compile_regex()<br>

CVE-2015-8383 pcre: Buffer overflow caused by repeated conditional group<br>

CVE-2015-8384 pcre: Buffer overflow caused by recursive back reference by name within certain group<br>

CVE-2015-8385 pcre: Buffer overflow caused by forward reference by name to certain group<br>

CVE-2015-8386 pcre: Buffer overflow caused by lookbehind assertion<br>

CVE-2015-8387 pcre: Integer overflow in subroutine calls<br>

CVE-2015-8389 pcre: Infinite recursion in JIT compiler when processing certain patterns<br>

Â CVE-2015-8390 pcre: Reading from uninitialized memory when processing certain patterns<br>

<br>

Â CVE-2015-8392 pcre: Buffer overflow caused by certain patterns with duplicated named groups<br>

Â CVE-2015-8393 pcre: Information leak when running pcgrep -q on crafted binary<br>

Â CVE-2015-8394 pcre: Integer overflow caused by missing check for certain conditions<br>

Â CVE-2015-8395 pcre: Buffer overflow caused by certain references<br>

Â CVE-2016-1283 pcre: Heap buffer overflow in pcre_compile2 causes DoS<br>

<br>

Signed-off-by: Armin Kuster &lt;<a href="mailto:akuster@mvista.com">akuster@mvista.com</a>&gt;<br>

---<br>

Â meta/recipes-support/libpcre/{<a href="http://libpcre_8.37.bb" rel="noreferrer" target="_blank">libpcre_8.37.bb</a> =&gt; <a href="http://libpcre_8.38.bb" rel="noreferrer" target="_blank">libpcre_8.38.bb</a>} | 4 ++--<br>

Â 1 file changed, 2 insertions(+), 2 deletions(-)<br>

Â rename meta/recipes-support/libpcre/{<a href="http://libpcre_8.37.bb" rel="noreferrer" target="_blank">libpcre_8.37.bb</a> =&gt; <a href="http://libpcre_8.38.bb" rel="noreferrer" target="_blank">libpcre_8.38.bb</a>} (94%)<br>

<br>

diff --git a/meta/recipes-support/libpcre/<a href="http://libpcre_8.37.bb" rel="noreferrer" target="_blank">libpcre_8.37.bb</a> b/meta/recipes-support/libpcre/<a href="http://libpcre_8.38.bb" rel="noreferrer" target="_blank">libpcre_8.38.bb</a><br>

similarity index 94%<br>

rename from meta/recipes-support/libpcre/<a href="http://libpcre_8.37.bb" rel="noreferrer" target="_blank">libpcre_8.37.bb</a><br>

rename to meta/recipes-support/libpcre/<a href="http://libpcre_8.38.bb" rel="noreferrer" target="_blank">libpcre_8.38.bb</a><br>

index 1880639..c567607 100644<br>

--- a/meta/recipes-support/libpcre/<a href="http://libpcre_8.37.bb" rel="noreferrer" target="_blank">libpcre_8.37.bb</a><br>

+++ b/meta/recipes-support/libpcre/<a href="http://libpcre_8.38.bb" rel="noreferrer" target="_blank">libpcre_8.38.bb</a><br>

@@ -14,8 +14,8 @@ SRC_URI = &quot;${SOURCEFORGE_MIRROR}/project/pcre/pcre/${PV}/pcre-${PV}.tar.bz2 \<br>

Â  Â  Â  Â  Â  Â  file://Makefile \<br>

Â &quot;<br>

<br>

-SRC_URI[md5sum] = &quot;ed91be292cb01d21bc7e526816c26981&quot;<br>

-SRC_URI[sha256sum] = &quot;51679ea8006ce31379fb0860e46dd86665d864b5020fc9cd19e71260eef4789d&quot;<br>

+SRC_URI[md5sum] = &quot;00aabbfe56d5a48b270f999b508c5ad2&quot;<br>

+SRC_URI[sha256sum] = &quot;b9e02d36e23024d6c02a2e5b25204b3a4fa6ade43e0a5f869f254f49535079df&quot;<br>

<br>

Â S = &quot;${WORKDIR}/pcre-${PV}&quot;<br>

<span class="HOEnZb"><font color="#888888"><br>

--<br>

2.3.5<br>

<br>

--<br>

_______________________________________________<br>

Openembedded-core mailing list<br>

<a href="mailto:Openembedded-core@lists.openembedded.org">Openembedded-core@lists.openembedded.org</a><br>

<a href="http://lists.openembedded.org/mailman/listinfo/openembedded-core" rel="noreferrer" target="_blank">http://lists.openembedded.org/mailman/listinfo/openembedded-core</a><br>

</font></span></blockquote></div><br></div></div>