File _patchinfo of Package patchinfo.25626
<patchinfo incident="25626">
<issue tracker="bnc" id="1164550">VUL-0: CVE-2019-19203: oniguruma: heap-based buffer over-read in function gb18030_mbc_enc_len in file gb18030.c</issue>
<issue tracker="bnc" id="1177179">VUL-1: CVE-2020-26159: oniguruma: Buffer overflow in concat_opt_exact_str could result in DoS</issue>
<issue tracker="bnc" id="1164569">VUL-0: CVE-2019-19204: oniguruma: heap-based buffer over-read in function fetch_interval_quantifier in regparse.c</issue>
<issue tracker="bnc" id="1157805">VUL-0: CVE-2019-19246: oniguruma: Heap-based buffer over-read in str_lower_case_match in regexec.c</issue>
<issue tracker="bnc" id="1142847">VUL-0: CVE-2019-13224: oniguruma: use-after-free in onig_new_deluxe() in regext.c</issue>
<issue tracker="bnc" id="1150130">VUL-1: CVE-2019-16163: oniguruma: stack Exhaustion in regcomp.c because of recursion in regparse.c.</issue>
<issue tracker="cve" id="2019-16163"/>
<issue tracker="cve" id="2019-19203"/>
<issue tracker="cve" id="2019-13224"/>
<issue tracker="cve" id="2019-19204"/>
<issue tracker="cve" id="2020-26159"/>
<issue tracker="cve" id="2019-19246"/>
<packager>darix</packager>
<rating>important</rating>
<category>security</category>
<summary>Security update for oniguruma</summary>
<description>This update for oniguruma fixes the following issues:
- CVE-2019-19246: Fixed an out-of-bounds access during regular
  expression matching (bsc#1157805).
- CVE-2019-19204: Fixed an out-of-bounds access when compiling a
  crafted regular expression (bsc#1164569).
- CVE-2019-19203: Fixed an out-of-bounds access when performing a
  string search (bsc#1164550).
- CVE-2019-16163: Fixed an uncontrolled recursion issue when compiling
  a crafted regular expression, which could lead to denial of service (bsc#1150130).
- CVE-2020-26159: Fixed an off-by-one buffer overflow (bsc#1177179).
- CVE-2019-13224: Fixed a potential use-after-free when handling
  multiple different encodings (bsc#1142847).
</description>
</patchinfo>