Fixed CVE-2019-13224
Fixed CVE-2019-13225
Fixed many problems (found by libfuzzer programs)
https://github.com/kkos/oniguruma/releases/tag/v6.9.3
Created attachment 207238 Patch for update
Maybe it would make sense to bump the revision of php7[1-3]-mbstring because it is affected....
Thank you for the report and patch, Pascal.
Thanks for your patch, Pascal. I am super busy during the day. Since this is a security patch I've set the approval flag. Let some available committer commit it faster, if they have a chance. Thanks again, Yuri
^triage: Reset assignee, open to take. Yuri may re-assign himself when he becomes available
Grab
A commit references this bug:
Author: mandree
Date: Sat Sep 7 14:41:17 UTC 2019
New revision: 511409
URL: https://svnweb.freebsd.org/changeset/ports/511409
Log:
  Security update to 6.9.3
  PR: 240368
  Submitted by: pascal.christen@hostpoint.ch
  Approved by: yuri@ (maintainer)
  MFH: 2019Q3
  Security: CVE-2019-13224
  Security: CVE-2019-13225
Changes:
  head/devel/oniguruma/Makefile
  head/devel/oniguruma/distinfo
I have also requested MFH permission. Who'll write the vuln.xml entries?
A commit references this bug:
Author: mandree
Date: Sat Sep 7 20:52:37 UTC 2019
New revision: 511422
URL: https://svnweb.freebsd.org/changeset/ports/511422
Log:
  MFH: r511409
  Security update to 6.9.3
  PR: 240368
  Submitted by: pascal.christen@hostpoint.ch
  Approved by: yuri@ (maintainer)
  Security: CVE-2019-13224
  Security: CVE-2019-13225
  Approved by: ports-secteam (riggs)
Changes:
  _U branches/2019Q3/
  branches/2019Q3/devel/oniguruma/Makefile
  branches/2019Q3/devel/oniguruma/distinfo
A commit references this bug:
Author: mandree
Date: Sat Sep 7 21:07:45 UTC 2019
New revision: 511427
URL: https://svnweb.freebsd.org/changeset/ports/511427
Log:
  Document devel/oniguruma < 6.9.3 vulnerabilities.
  PR: 240368
  Reported by: Pascal Christen
  Obtained from: MITRE
  Security: a8d87c7a-d1b1-11e9-a616-0992a4564e7c
  Security: CVE-2019-13224
  Security: CVE-2019-13225
Changes:
  head/security/vuxml/vuln.xml