208167 – devel/pcre2 - CVE-2016-3191

Bug 208167 - devel/pcre2 - CVE-2016-3191

Summary: devel/pcre2 - CVE-2016-3191

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	--- Affects Only Me
Assignee:	Mark Felder

URL:
Keywords:

Depends on:
Blocks:

Reported:	2016-03-20 23:44 UTC by Sevan Janiyan
Modified:	2016-03-21 02:51 UTC (History)
CC List:	1 user (show)

See Also:

Flags:	bugzilla: maintainer-feedback? (feld)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sevan Janiyan 2016-03-20 23:44:59 UTC

Missing VUXML entry
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3191

Comment 1 commit-hook freebsd_committer

2016-03-21 02:32:32 UTC

A commit references this bug:

Author: feld
Date: Mon Mar 21 02:32:27 UTC 2016
New revision: 411529
URL: https://svnweb.freebsd.org/changeset/ports/411529

Log:
  Document pcre vulnerability

  PR:		208167
  Security:	CVE-2016-3191

Changes:
  head/security/vuxml/vuln.xml

Comment 2 commit-hook freebsd_committer

2016-03-21 02:35:34 UTC

A commit references this bug:

Author: feld
Date: Mon Mar 21 02:34:50 UTC 2016
New revision: 411530
URL: https://svnweb.freebsd.org/changeset/ports/411530

Log:
  devel/pcre2: Add patch to resolve CVE

  PR:		208167
  Obtained from:	PCRE svn (r489)
  Security:	CVE-2016-3191

Changes:
  head/devel/pcre2/Makefile
  head/devel/pcre2/files/patch-CVE-2016-3191

Comment 3 commit-hook freebsd_committer

2016-03-21 02:36:36 UTC

A commit references this bug:

Author: feld
Date: Mon Mar 21 02:35:45 UTC 2016
New revision: 411531
URL: https://svnweb.freebsd.org/changeset/ports/411531

Log:
  MFH: r411530

  devel/pcre2: Add patch to resolve CVE

  PR:		208167
  Obtained from:	PCRE svn (r489)
  Security:	CVE-2016-3191
  Approved by:	ports-secteam (with hat)

Changes:
_U  branches/2016Q1/
  branches/2016Q1/devel/pcre2/Makefile
  branches/2016Q1/devel/pcre2/files/patch-CVE-2016-3191

Comment 4 commit-hook freebsd_committer

2016-03-21 02:40:38 UTC

A commit references this bug:

Author: feld
Date: Mon Mar 21 02:40:26 UTC 2016
New revision: 411532
URL: https://svnweb.freebsd.org/changeset/ports/411532

Log:
  devel/pcre: Update to 8.38

  - Remove patches now in the 8.38 release
  - Add patch to resolve outstanding CVE

  PR:		208167
  Obtained from:	PCRE svn (r1631)
  MFH:		2016Q1
  Security:	CVE-2016-3191

Changes:
  head/devel/pcre/Makefile
  head/devel/pcre/distinfo
  head/devel/pcre/files/patch-CVE-2015-5073
  head/devel/pcre/files/patch-CVE-2016-3191
  head/devel/pcre/files/patch-buffer-overflow
  head/devel/pcre/files/patch-r1585-buffer-overflow
  head/devel/pcre/files/patch-r1594-heap-overflow
  head/devel/pcre/pkg-plist

Comment 5 commit-hook freebsd_committer

2016-03-21 02:41:40 UTC

A commit references this bug:

Author: feld
Date: Mon Mar 21 02:41:22 UTC 2016
New revision: 411533
URL: https://svnweb.freebsd.org/changeset/ports/411533

Log:
  MFH: r411532

  devel/pcre: Update to 8.38

  - Remove patches now in the 8.38 release
  - Add patch to resolve outstanding CVE

  PR:		208167
  Obtained from:	PCRE svn (r1631)
  Security:	CVE-2016-3191
  Approved by:	ports-secteam (with hat)

Changes:
_U  branches/2016Q1/
  branches/2016Q1/devel/pcre/Makefile
  branches/2016Q1/devel/pcre/distinfo
  branches/2016Q1/devel/pcre/files/patch-CVE-2015-5073
  branches/2016Q1/devel/pcre/files/patch-CVE-2016-3191
  branches/2016Q1/devel/pcre/files/patch-buffer-overflow
  branches/2016Q1/devel/pcre/files/patch-r1585-buffer-overflow
  branches/2016Q1/devel/pcre/files/patch-r1594-heap-overflow
  branches/2016Q1/devel/pcre/pkg-plist

Comment 6 commit-hook freebsd_committer

2016-03-21 02:44:41 UTC

A commit references this bug:

Author: feld
Date: Mon Mar 21 02:43:57 UTC 2016
New revision: 411534
URL: https://svnweb.freebsd.org/changeset/ports/411534

Log:
  Fix version range for pcre2 vulnerability

  PR:		208167
  Security:	CVE-2016-3191

Changes:
  head/security/vuxml/vuln.xml

Comment 7 Mark Felder freebsd_committer

2016-03-21 02:51:54 UTC

Documented and patched, thanks!