UbuntuUpdates.org

Package "pcre3"

Name: pcre3

Description:

This package is just an umbrella for a group of other packages; it has no description.
Description samples from packages in group:

  • Perl 5 Compatible Regular Expression Library - runtime files
  • Perl 5 Compatible Regular Expression Library - debug symbols
  • Perl 5 Compatible Regular Expression Library - development files
  • Perl 5 Compatible Regular Expression Library - C++ runtime files

Latest version: 1:8.31-2ubuntu2.3
Release: trusty (14.04)
Level: updates
Repository: main


Other versions of "pcre3" in Trusty

Repository  Area      Version
base        main      1:8.31-2ubuntu2
security    main      1:8.31-2ubuntu2.2
security    universe  1:8.31-2ubuntu2.2
updates     universe  1:8.31-2ubuntu2.3


Changelog

Version: 1:8.31-2ubuntu2.3 2016-04-21 21:06:34 UTC

  pcre3 (1:8.31-2ubuntu2.3) trusty; urgency=medium

  * Fix empty-matching possessive zero-repeat groups bug (LP: #1456195)

 -- Arne de Bruijn <ubuntu@2ar.nl> Wed, 13 Apr 2016 10:51:02 +0200

1456195 Zero-minimum possessive groups does not match empty string

Version: 1:8.31-2ubuntu2.2 2016-03-29 19:07:02 UTC

  pcre3 (1:8.31-2ubuntu2.2) trusty-security; urgency=medium

  * SECURITY UPDATE: fix multiple security issues by applying patches
    from Debian jessie package:
    - 0001-Fix-overflow-when-ovector-has-size-1.patch
    - 794589-information-disclosure.patch
    - 0001-Fix-buffer-overflow-for-lookbehind-within-mutually-r.patch
    - 0001-Add-integer-overflow-check-to-n-code.patch
    - 0001-Fix-bug-for-classes-containing-sequences.patch
    - 0001-Fix-run-for-ever-bug-for-deeply-nested-sequences.patch
    - 0001-Make-pcregrep-q-override-l-and-c-for-compatibility-w.patch
    - 0001-Add-missing-integer-overflow-checks.patch
    - 0001-Fix-compile-time-loop-for-recursive-reference-within.patch
    - 0001-Fix-named-forward-reference-to-duplicate-group-numbe.patch
    - CVE-2015-2328, CVE-2015-8380, CVE-2015-8382, CVE-2015-8385,
      CVE-2015-8386, CVE-2015-8387, CVE-2015-8390, CVE-2015-8391,
      CVE-2015-8393, CVE-2015-8394
  * SECURITY UPDATE: denial of service via pattern containing (*ACCEPT)
    substring with nested parentheses
    - debian/patches/apply-upstream-revision-1631-closes-8159: fix
      workspace overflow for (*ACCEPT) with deeply nested parentheses in
      pcreposix.c, pcre_compile.c, pcre_internal.h, add tests to
      testdata/testoutput11-8, testdata/testoutput11-16,
      testdata/testinput11.
    - CVE-2016-3191
  * debian/rules: set make check to verbose.

 -- Marc Deslauriers <email address hidden> Fri, 25 Mar 2016 07:55:28 -0400

CVE-2015-2328 PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denia
CVE-2015-8380 The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial
CVE-2015-8382 The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ patte
CVE-2015-8385 PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to
CVE-2015-8386 PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a den
CVE-2015-8387 PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer
CVE-2015-8390 PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized
CVE-2015-8391 The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of ser
CVE-2015-8393 pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a craf
CVE-2015-8394 PCRE before 8.38 mishandles the (?(<digits>) and (?(R<digits>) conditions, which allows remote attackers to cause a denial of service (integer overfl
CVE-2016-3191 The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*A

Version: 1:8.31-2ubuntu2.1 2015-07-29 18:06:58 UTC

  pcre3 (1:8.31-2ubuntu2.1) trusty-security; urgency=low

  [ Seyeong Kim ]
  * SECURITY UPDATE: Heap buffer overflow in pcregrep
    - debian/patches/cve-2014-8964.patch: add ecode check.
      Based on upstream
    - CVE-2014-8964
  * SECURITY UPDATE: PCRE Library Heap Overflow Vulnerability
    - debian/patches/cve-2015-2325.patch: change some variables
      pointer to integer, and related contents. Based on upstream patch
    - CVE-2015-2325
  * SECURITY UPDATE: PCRE Library Heap overflow Vulnerability II
    - debian/patches/cve-2015-2326.patch: take save_hwm_offset out
      from adjust_recurse. Based on upstream patch
    - CVE-2015-2326
  * SECURITY UPDATE: PCRE Library Heap Overflow Vulnerability in
    find_fixedlength()
    - debian/patches/cve-2015-5073.patch: add compare errorcode
      missing test code. Based on upstream patch
    - CVE-2015-5073

  [ Marc Deslauriers ]
  * debian/patches/cve-2015-2325.patch: updated to fix test suite failure
    because of lack of auto-possessification in older pcre.

 -- Marc Deslauriers Fri, 24 Jul 2015 07:57:19 -0400

CVE-2014-8964 Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via
CVE-2015-2325 heap buffer overflow in compile_branch()
CVE-2015-2326 heap buffer overflow in pcre_compile2()
CVE-2015-5073 Heap Overflow Vulnerability in find_fixedlength()


