Accepted pcre2 10.32-5+deb10u1 (source) into oldstable
- To: dispatch@tracker.debian.org, debian-lts-changes@lists.debian.org
- Subject: Accepted pcre2 10.32-5+deb10u1 (source) into oldstable
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Thu, 16 Mar 2023 02:10:24 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: pcre2_10.32-5+deb10u1_source.changes
- Debian-source: pcre2
- Debian-suite: oldstable
- Debian-version: 10.32-5+deb10u1
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.seger; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=IDHLAUItxt1mr/A7YHLMt+fZ6jSP5XQfi6ZjiXKZkUg=; b=sanog2oGYCVYsr+3THj8NZh/pG 8/GeKjxyEN5HcgsRkY1kOBraOxXQN+7O0Mbs7OsA9H8nqiJM3bgfuonP+RhETWti/q6jQnTfHp985 awkJwF2YIpD5NDVMN+0ONEq+BE+gYCpjVMFkMmuvkqIVpv9GAegBlI2EhvfExT9RkPOrQsLCblFqs J+21oDdbaH2sB+VbFobe1FSvCtAQMHUZkEXUoDWMcWwzaXYObjJZe9qV6ofcvb41pUfMRge+HjKwH caFR6F/815fQnv+BlZiM51WD+nJ6/0nwVSN2ZRyL4FRe7s4HDV6ST5wJdYnY+xwolnrxnzWG3PnT1 YnYN5Wkw==;
- Mail-followup-to: debian-lts@lists.debian.org
- Message-id: <E1pcd4S-00HWlY-WF@seger.debian.org>
- Reply-to: debian-lts@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 16 Mar 2023 01:21:36 +0100
Source: pcre2
Architecture: source
Version: 10.32-5+deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Matthew Vernon <matthew@debian.org>
Changed-By: Guilhem Moulin <guilhem@debian.org>
Closes: 1011954
Changes:
pcre2 (10.32-5+deb10u1) buster-security; urgency=high
.
* Non-maintainer upload by the LTS Security Team.
* CVE-2019-20454: Out-of-bounds read when the pattern \X is JIT compiled and
used to match specially crafted subjects in non-UTF mode.
* CVE-2022-1586: Out-of-bounds read involving unicode property matching in
JIT-compiled regular expressions. The issue occurs because the character
was not fully read in case-less matching within JIT. (Closes: #1011954).
* CVE-2022-1587: Out-of-bounds read affecting recursions in JIT-compiled
regular expressions caused by duplicate data transfers. (Closes:
#1011954).
* Subject buffer overread in JIT when UTF is disabled and \X or \R has a
greater than 1 fixed quantifier.
Checksums-Sha1:
8e441840f3e0ffcd3cfa47f44ba68788da136a97 2234 pcre2_10.32-5+deb10u1.dsc
5bfe471f07224c1fac741d426462553f9fc3af84 2169349 pcre2_10.32.orig.tar.gz
0a9c7de96639b820a1427746c3c0266bdc59a493 9691 pcre2_10.32-5+deb10u1.diff.gz
6586ee2ba79255b2159d143f4d059b140754a3e3 7655 pcre2_10.32-5+deb10u1_amd64.buildinfo
Checksums-Sha256:
84b64673e5b8f4d2f2b75e293a151df97020ecc32871961a6dfc30a588f5fc57 2234 pcre2_10.32-5+deb10u1.dsc
9ca9be72e1a04f22be308323caa8c06ebd0c51efe99ee11278186cafbc4fe3af 2169349 pcre2_10.32.orig.tar.gz
1a425dd654d2ffd1e7e3456865a0d0ec2fd04639469a2f73f18138f01df1377b 9691 pcre2_10.32-5+deb10u1.diff.gz
c87cab60a77877489e2c1939052973305dcee20d8dfc117bf5601369121856b9 7655 pcre2_10.32-5+deb10u1_amd64.buildinfo
Files:
a9989eb3586b9d6aaf6a6df0ad14fe3b 2234 libs optional pcre2_10.32-5+deb10u1.dsc
a660db882ff171e6a0de5fb1decd5ff5 2169349 libs optional pcre2_10.32.orig.tar.gz
489d44e5d45cfbbee8a31903602e2c90 9691 libs optional pcre2_10.32-5+deb10u1.diff.gz
6acc2944caccb3657df30f7c0144de83 7655 libs optional pcre2_10.32-5+deb10u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEERpy6p3b9sfzUdbME05pJnDwhpVIFAmQScxcACgkQ05pJnDwh
pVJEtRAAriSVvXFOms+BABTve2Xn8REzpEf6vlDcN5j438bzCe2fGg6+4zmMpkqz
Xnx7HGM8sZWouSuc9GILY0LFJw5EhVVC+bgija5b4tdsxv3hF/DcgsQdxietKc73
SYlnRSpXY1dmSw0FGPqrJvsDmVogz28O8sGLLX4zf+C9mrKDkCSsxDqORp2CbTIL
TZltUVogk5ai8KjIjhHnPgMmzezy0n8FJPm6HRIzMr9McKNPzWMOAYapvUH4p5C+
z/z6grepJpNMyHh1AcpvKKRJl2j2V0Uk3MGLy47flR7TYSGJMbGiZf5xAtxCdSm4
lepjuF9x0wWbaQgSTCXtuKoKy1C4SLTa2UgI8K55UGXDfyKD2FGtggPnn9ONceaB
DwJHisbv3gyJOMfXOpkajQfi81lZ2D0DxEi8xSlRRsl6M/xOJcIT8+01Hr5P0mE7
Ap3dZtRhcl2wN8ZMgQAzC1MmxkySNG/eALEcNhUPo8HeSfM5tu8LL3vWsI5fai8b
z2s9ItXzQtUd/jNdupCKd88HKyurenJ0WWXRmm4ilxzWtPDitCXKQG7SRnpBycxP
e4zjZ+DbrriIef/ElIbI/gCiLLEMv0H2EwV6BF72eUltOz4gLF4cIYflEw1sqwid
vNhqQcoyHfKq8LdTzme186m8GJl6YWrQRlwyWBQ821rQpcft8KQ=
=p+U/
-----END PGP SIGNATURE-----