File _patchinfo of Package patchinfo.21546
<patchinfo incident="21546">
<issue tracker="bnc" id="1172973">VUL-1: CVE-2019-20838: pcre: libpcre allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier</issue>
<issue tracker="bnc" id="1172974">VUL-1: CVE-2020-14155: pcre: libpcre allows an integer overflow via a large number after a (?C substring</issue>
<issue tracker="bnc" id="1025709">VUL-1: CVE-2017-6004: pcre: crafted regular expression may cause denial of service</issue>
<issue tracker="bnc" id="1030807">VUL-0: CVE-2017-7244: pcre: The _pcre32_xclass function in pcre_xclass.c allows remote users to read invalid memory</issue>
<issue tracker="bnc" id="1030066">VUL-0: CVE-2017-7186: pcre,pcre2: DoS by triggering an invalid Unicode property lookup</issue>
<issue tracker="bnc" id="1030803">VUL-0: CVE-2017-7246: pcre: Stack-based buffer overflow in the pcre32_copy_substring function</issue>
<issue tracker="bnc" id="1030805">VUL-0: CVE-2017-7245: pcre: Stack-based buffer overflow in the pcre32_copy_substring function</issue>
<issue tracker="cve" id="2017-6004"/>
<issue tracker="cve" id="2019-20838"/>
<issue tracker="cve" id="2017-7186"/>
<issue tracker="cve" id="2020-14155"/>
<issue tracker="cve" id="2017-7245"/>
<issue tracker="cve" id="2017-7244"/>
<issue tracker="cve" id="2017-7246"/>
<packager>coolo</packager>
<rating>moderate</rating>
<category>security</category>
<summary>Security update for pcre</summary>
<description>This update for pcre fixes the following issues:
Update pcre to version 8.45:
- CVE-2020-14155: Fixed integer overflow via a large number after a '(?C' substring (bsc#1172974).
- CVE-2019-20838: Fixed buffer over-read in JIT compiler (bsc#1172973).
- CVE-2017-7244: Fixed invalid read in _pcre32_xclass() (bsc#1030807).
- CVE-2017-7245: Fixed stack-based buffer overflow in the pcre32_copy_substring function (bsc#1030805).
- CVE-2017-7246: Fixed another stack-based buffer overflow in the pcre32_copy_substring function (bsc#1030803).
- CVE-2017-7186: Fixed denial of service caused by an invalid Unicode property lookup (bsc#1030066).
- CVE-2017-6004: Fixed denial of service via crafted regular expression (bsc#1025709).
</description>
</patchinfo>