UbuntuUpdates.org

Package "pcre3"

Name: pcre3

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Perl 5 Compatible Regular Expression Library - runtime files
  • Perl 5 Compatible Regular Expression Library - debug symbols
  • Perl 5 Compatible Regular Expression Library - development files
  • Perl 5 Compatible Regular Expression Library - C++ runtime files

Latest version: 8.12-4ubuntu0.2
Release: precise (12.04)
Level: updates
Repository: main

Links



Other versions of "pcre3" in Precise

Repository Area Version
base main 8.12-4
base universe 8.12-4
security universe 8.12-4ubuntu0.2
security main 8.12-4ubuntu0.2
updates universe 8.12-4ubuntu0.2

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 8.12-4ubuntu0.2 2016-03-29 19:07:00 UTC

  pcre3 (8.12-4ubuntu0.2) precise-security; urgency=medium

  * SECURITY UPDATE: fix multiple security issues by backporting upstream
    commits:
    - http://vcs.pcre.org/pcre?view=revision&revision=1495
    - http://vcs.pcre.org/pcre?view=revision&revision=1510
    - http://vcs.pcre.org/pcre?view=revision&revision=1559
    - http://vcs.pcre.org/pcre?view=revision&revision=1563
    - http://vcs.pcre.org/pcre?view=revision&revision=1578
    - http://vcs.pcre.org/pcre?view=revision&revision=1586
    - http://vcs.pcre.org/pcre?view=revision&revision=1589
    - CVE-2015-2327, CVE-2015-8382, CVE-2015-8385, CVE-2015-8387,
      CVE-2015-8390, CVE-2015-8393, CVE-2015-8394
  * debian/rules: set make check to verbose.

 -- Marc Deslauriers <email address hidden> Fri, 25 Mar 2016 09:16:55 -0400

Source diff to previous version
CVE-2015-2327 PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related patterns with certain internal recursive back references, which allows re
CVE-2015-8382 The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ patte
CVE-2015-8385 PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to
CVE-2015-8387 PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer
CVE-2015-8390 PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized
CVE-2015-8393 pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a craf
CVE-2015-8394 PCRE before 8.38 mishandles the (?(<digits>) and (?(R<digits>) conditions, which allows remote attackers to cause a denial of service (integer overfl

Version: 8.12-4ubuntu0.1 2015-07-29 18:06:56 UTC

  pcre3 (8.12-4ubuntu0.1) precise-security; urgency=medium

  * SECURITY UPDATE: PCRE Library Heap Overflow Vulnerability in
    find_fixedlength()
    - check errorcode in pcre_compile.c, added test to testdata/test*2.
    - http://vcs.pcre.org/pcre?view=revision&revision=1571
    - CVE-2015-5073

 -- Marc Deslauriers Fri, 24 Jul 2015 08:28:38 -0400

CVE-2015-5073 Heap Overflow Vulnerability in find_fixedlength()



About   -   Send Feedback to @ubuntu_updates