Bug 208260

Summary: devel/pcre - CVE-2016-1283
Product: Ports & Packages
Reporter: Sevan Janiyan <venture37>
Component: Individual Port(s)
Assignee: Jason Unovitch <junovitch>
Status: Closed FIXED
Severity: Affects Some People
CC: junovitch, ports-secteam
Priority: ---
Keywords: security
Version: Latest
Flags: bugzilla: maintainer-feedback? (bf); junovitch: merge-quarterly+
Hardware: Any
OS: Any

Comment 1 commit-hook freebsd_committer freebsd_triage 2016-04-03 13:43:53 UTC
A commit references this bug:

Author: junovitch
Date: Sun Apr  3 13:43:13 UTC 2016
New revision: 412471
URL: https://svnweb.freebsd.org/changeset/ports/412471

Log:
  Document PCRE heap overflow vulnerability

  PR:		208260
  Reported by:	Sevan Janiyan <venture37@geeklan.co.uk>
  Security:	CVE-2016-1283
  Security:	https://vuxml.FreeBSD.org/freebsd/497b82e0-f9a0-11e5-92ce-002590263bf5.html

Changes:
  head/security/vuxml/vuln.xml

Comment 2 commit-hook freebsd_committer freebsd_triage 2016-04-03 13:43:55 UTC
A commit references this bug:

Author: junovitch
Date: Sun Apr  3 13:43:30 UTC 2016
New revision: 412472
URL: https://svnweb.freebsd.org/changeset/ports/412472

Log:
  devel/pcre: Add patch to resolve heap overflow vulnerability

  PR:		208260
  Reported by:	Sevan Janiyan <venture37@geeklan.co.uk>
  Approved by:	ports-secteam (with hat)
  Obtained from:	PCRE svn (r1636)
  Security:	CVE-2016-1283
  Security:	https://vuxml.FreeBSD.org/freebsd/497b82e0-f9a0-11e5-92ce-002590263bf5.html
  MFH:		2016Q2

Changes:
  head/devel/pcre/Makefile
  head/devel/pcre/files/patch-CVE-2016-1283

Comment 3 commit-hook freebsd_committer freebsd_triage 2016-04-03 13:44:57 UTC
A commit references this bug:

Author: junovitch
Date: Sun Apr  3 13:44:13 UTC 2016
New revision: 412473
URL: https://svnweb.freebsd.org/changeset/ports/412473

Log:
  MFH: r412472

  devel/pcre: Add patch to resolve heap overflow vulnerability

  PR:		208260
  Reported by:	Sevan Janiyan <venture37@geeklan.co.uk>
  Approved by:	ports-secteam (with hat)
  Obtained from:	PCRE svn (r1636)
  Security:	CVE-2016-1283
  Security:	https://vuxml.FreeBSD.org/freebsd/497b82e0-f9a0-11e5-92ce-002590263bf5.html

Changes:
_U  branches/2016Q2/
  branches/2016Q2/devel/pcre/Makefile
  branches/2016Q2/devel/pcre/files/patch-CVE-2016-1283

Comment 4 Jason Unovitch freebsd_committer freebsd_triage 2016-04-03 13:46:32 UTC
Sevan,
The fix from http://vcs.pcre.org/pcre?view=revision&revision=1636 has been committed.  Thank you for the report!