OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/pcre2?expand=0&rev=22

2017-09-11 19:12:21 +00:00 · 2017-09-11 19:12:21 +00:00 · d038c3e571
commit d038c3e571
parent 10f9ed3570
1 changed files with 7 additions and 0 deletions
--- a/pcre2.changes
+++ b/pcre2.changes
@ -25,6 +25,13 @@ Mon Sep 11 18:14:30 UTC 2017 - jengelh@inai.de
  * The match limit value now also applies to pcre2_dfa_match()
    as there are patterns that can use up a lot of resources
    without necessarily recursing very deeply.
+  * Various minor security fixes found by fuzzers:
+    + bsc#1037165: crash for forward reference in lookbehind with 
+                   PCRE2_ANCHORED
+    + CVE-2017-8786: heap-based buffer overflow write in pcre2test
+                     (bsc#1036942)
+    + CVE-2017-7186: DoS by triggering an invalid Unicode property
+                     lookup (bsc#1030066) 
 - Switch source URLs to use HTTP.

 -------------------------------------------------------------------