Accepted pcre3 2:8.35-3.3+deb8u2 (source) into proposed-updates->stable-new, proposed-updates

To: debian-changes@lists.debian.org
Subject: Accepted pcre3 2:8.35-3.3+deb8u2 (source) into proposed-updates->stable-new, proposed-updates
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Sun, 10 Jan 2016 23:02:25 +0000
Message-id: <[🔎] E1aIP0D-0001wm-Tf@franck.debian.org>
Mail-followup-to: debian-devel@lists.debian.org
Reply-to: debian-devel@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 29 Dec 2015 09:19:11 +0100
Source: pcre3
Binary: libpcre3 libpcre3-udeb libpcrecpp0 libpcre3-dev libpcre3-dbg pcregrep
Architecture: source
Version: 2:8.35-3.3+deb8u2
Distribution: jessie
Urgency: medium
Maintainer: Mark Baker <mark@mnb.org.uk>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 794589 796762 806467
Description: 
 libpcre3   - Perl 5 Compatible Regular Expression Library - runtime files
 libpcre3-dbg - Perl 5 Compatible Regular Expression Library - debug symbols
 libpcre3-dev - Perl 5 Compatible Regular Expression Library - development files
 libpcre3-udeb - Perl 5 Compatible Regular Expression Library - runtime files (ude (udeb)
 libpcrecpp0 - Perl 5 Compatible Regular Expression Library - C++ runtime files
 pcregrep   - grep utility that uses perl 5 compatible regexes.
Changes:
 pcre3 (2:8.35-3.3+deb8u2) jessie; urgency=medium
 .
   * Non-maintainer upload.
   * Add additional CVE references and bug closer to previous changelog.
     CVE-2015-2327 fix was included in the previous 2:8.35-3.3+deb8u1 upload.
     CVE-2015-8384 different issue than CVE-2015-3210 but fixed with same
     commit.
     CVE-2015-8388 different issue than CVE-2015-5073 but fixed with same
     commit.
     Add bug closer to bugs in the BTS retrospectively.
   * Add 0001-Fix-compile-time-loop-for-recursive-reference-within.patch.
     CVE-2015-2328: Stack-based buffer overflow in compile_regex().
   * Add 794589-information-disclosure.patch.
     CVE-2015-8382: Fix "pcre_exec does not fill offsets for certain regexps"
     leading to information disclosure. (Closes: #794589)
   * Add 0001-Fix-buffer-overflow-for-repeated-conditional-when-re.patch.
     CVE-2015-8383: Buffer overflow caused by repeated conditional group.
   * Add 0001-Fix-named-forward-reference-to-duplicate-group-numbe.patch.
     CVE-2015-8385: Buffer overflow caused by forward reference by name to
     certain group.
   * Add 0001-Fix-buffer-overflow-for-lookbehind-within-mutually-r.patch.
     CVE-2015-8386: Buffer overflow caused by lookbehind assertion.
   * Add 0001-Add-integer-overflow-check-to-n-code.patch.
     CVE-2015-8387: Integer overflow in subroutine calls.
   * Add 0001-Fix-overflow-when-ovector-has-size-1.patch.
     CVE-2015-8380: Heap-based buffer overflow in pcre_exec. (Closes: #806467)
   * Add 0001-Fix-infinite-recursion-in-the-JIT-compiler-when-cert.patch.
     CVE-2015-8389: Infinite recursion in JIT compiler when processing
     certain patterns.
   * Add 0001-Fix-bug-for-classes-containing-sequences.patch.
     CVE-2015-8390: Reading from uninitialized memory when processing certain
     patterns.
   * Add 0001-Fix-run-for-ever-bug-for-deeply-nested-sequences.patch.
     CVE-2015-8391: Some pathological patterns causes pcre_compile() to run
     for a very long time.
   * Add 0001-Fix-buffer-overflow-for-named-references-in-situatio.patch.
     CVE-2015-8392: Buffer overflow caused by certain patterns with
     duplicated named groups.
   * Add 0001-Make-pcregrep-q-override-l-and-c-for-compatibility-w.patch.
     CVE-2015-8393: Information leak when running pcgrep -q on crafted
     binary.
   * Add 0001-Add-missing-integer-overflow-checks.patch.
     CVE-2015-8394: Integer overflow caused by missing check for certain
     conditions.
   * Add 0001-Hack-in-yet-other-patch-for-a-bug-in-size-computatio.patch.
     CVE-2015-8381: Heap Overflow in compile_regex().
     CVE-2015-8395: Buffer overflow caused by certain references.
     (Closes: #796762)
Checksums-Sha1: 
 46e3a6b8646182fbad5e5f3419ecf73b79fe9c4f 1985 pcre3_8.35-3.3+deb8u2.dsc
 c5ed968e38eeb8c7f03c5f8bddc2fe8cc16d7d96 34594 pcre3_8.35-3.3+deb8u2.debian.tar.gz
Checksums-Sha256: 
 59b440caac5376cb4df1617b4c9a7b4c3ec9d34dd79e222fd041e1cb6157fd17 1985 pcre3_8.35-3.3+deb8u2.dsc
 e44841b424bac5d292151ba9d4e2a56246064e506f18cc28422dd1f0c47d3095 34594 pcre3_8.35-3.3+deb8u2.debian.tar.gz
Files: 
 ae29c623917e8d59b0f779409756fadd 1985 libs optional pcre3_8.35-3.3+deb8u2.dsc
 61d2cba984bae7f3c321b9a6e939120c 34594 libs optional pcre3_8.35-3.3+deb8u2.debian.tar.gz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJWkqhwAAoJEAVMuPMTQ89EsC8P/1hc2tEuRKNnql1FsxmIWfQ9
uNfNXXwhFTzdk/r63siZ2Vmy/7SKZ94IF6oApBZa3mMEcxMtSmMClDerP0AxvVa0
mPl7jaVSbWHvl0D4SsgkjK8LhnjH/ttyveAACa4cdi1sxd5foQjPKTzOMEaPugfa
DDxbMFpwtilbC5Dm3jnNuv3MCSZO4+9VglPin1pSF5t9AVmoYuVihJrHKaIJZD5I
iLKSiI3RLF6T+zQvjEZWE4kgpnncqVPaTob7/4Xu8Jab+B0gVV3NBkZhpUQaOTy/
yU11UmHSYDa1IiBj40pZyjMpQhk+3Smdf+6YpRVVCKwcvo5KxitLZC/O/dRw+XKu
CCaLCkUNmm19efAzajJcK+62FnC6N2V6X/LVPisDsxXSbIIibOmLnGVqgqENuYhE
tLhpRzLQwBya/Ng4MPweY6SyU0BCz2pH0HoTF92qBYxEkV8YNI0j4IQAtzt2vZbi
Xsu8HFw27rXSMwzDEcAhezhOCctJX2pSX1WuSxCuSY/nDuLsjNF96DLLxngQwEQh
R+1dP0dfTJ2bJHUuD5eiQWAmyHgzlDeN4JceHCo7sFeopjg7jW1Hbnfe0gnHYmoN
QjBZxPzp60IKQs7VDHH1GafTQr7tjD+PsIn8oBONUsYeK25xW84+Htd8D9WPwqkE
Erj1CzKltjiVO8LYy/hN
=1Tw6
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: Accepted madfuload 1.2-4+deb8u1 (amd64 i386 source) into proposed-updates->stable-new, proposed-updates
Next by Date: Accepted libapache-mod-fastcgi 2.4.7~0910052141-1.1+deb8u1 (amd64 i386 source) into proposed-updates->stable-new, proposed-updates
Previous by thread: Accepted madfuload 1.2-4+deb8u1 (amd64 i386 source) into proposed-updates->stable-new, proposed-updates
Next by thread: Accepted libapache-mod-fastcgi 2.4.7~0910052141-1.1+deb8u1 (amd64 i386 source) into proposed-updates->stable-new, proposed-updates
Index(es):
- Date
- Thread