| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A fuzz on libpcre1 through the pcretest utility revealed an invalid read in the
library. For who is interested in a detailed description of the bug, will
follow a feedback from upstream:
This was a genuine bug in the 32-bit library. Thanks for finding it. The crash
was caused by trying to find a Unicode property for a code value greater than
0x10ffff, the Unicode maximum, when running in non-UTF mode (where character
values can be up to 0xffffffff).
(From OE-Core rev: 1b87201784e733f3a9d436f56cb5a6151ba6bdfa)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
| |
The pcre2test.c in PCRE2 10.23 allows remote attackers to cause a denial of
service (heap-based buffer overflow) or possibly have unspecified other impact
via a crafted regular expression.
(From OE-Core rev: dd63a26fedb8a578d34850ede4c27e26b8876e7e)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
There are two major versions of the PCRE library. The newest version, PCRE2,
was released in 2015 and is at version 10.22.
The original, very widely deployed PCRE library, originally released in 1997,
is at version 8.40, and the API and feature set are stable, future releases
will be for bugfixes only. All new future features will be to PCRE2, not the
original PCRE 8.x series.
The newer vte depends on libpcre2, so add it.
(From OE-Core rev: f7165d379cb67c4d4918a8a3e9509d3d823d61da)
(From OE-Core rev: 69c4d94dd6b825c710c6e76fe77e5255ddd1183d)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|