Bug 208167 - devel/pcre2 - CVE-2016-3191
Summary: devel/pcre2 - CVE-2016-3191
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Mark Felder
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-03-20 23:44 UTC by Sevan Janiyan
Modified: 2016-03-21 02:51 UTC (History)
1 user (show)

See Also:
bugzilla: maintainer-feedback? (feld)


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sevan Janiyan 2016-03-20 23:44:59 UTC
Missing VUXML entry
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3191
Comment 1 commit-hook freebsd_committer 2016-03-21 02:32:32 UTC
A commit references this bug:

Author: feld
Date: Mon Mar 21 02:32:27 UTC 2016
New revision: 411529
URL: https://svnweb.freebsd.org/changeset/ports/411529

Log:
  Document pcre vulnerability

  PR:		208167
  Security:	CVE-2016-3191

Changes:
  head/security/vuxml/vuln.xml
Comment 2 commit-hook freebsd_committer 2016-03-21 02:35:34 UTC
A commit references this bug:

Author: feld
Date: Mon Mar 21 02:34:50 UTC 2016
New revision: 411530
URL: https://svnweb.freebsd.org/changeset/ports/411530

Log:
  devel/pcre2: Add patch to resolve CVE

  PR:		208167
  Obtained from:	PCRE svn (r489)
  Security:	CVE-2016-3191

Changes:
  head/devel/pcre2/Makefile
  head/devel/pcre2/files/patch-CVE-2016-3191
Comment 3 commit-hook freebsd_committer 2016-03-21 02:36:36 UTC
A commit references this bug:

Author: feld
Date: Mon Mar 21 02:35:45 UTC 2016
New revision: 411531
URL: https://svnweb.freebsd.org/changeset/ports/411531

Log:
  MFH: r411530

  devel/pcre2: Add patch to resolve CVE

  PR:		208167
  Obtained from:	PCRE svn (r489)
  Security:	CVE-2016-3191
  Approved by:	ports-secteam (with hat)

Changes:
_U  branches/2016Q1/
  branches/2016Q1/devel/pcre2/Makefile
  branches/2016Q1/devel/pcre2/files/patch-CVE-2016-3191
Comment 4 commit-hook freebsd_committer 2016-03-21 02:40:38 UTC
A commit references this bug:

Author: feld
Date: Mon Mar 21 02:40:26 UTC 2016
New revision: 411532
URL: https://svnweb.freebsd.org/changeset/ports/411532

Log:
  devel/pcre: Update to 8.38

  - Remove patches now in the 8.38 release
  - Add patch to resolve outstanding CVE

  PR:		208167
  Obtained from:	PCRE svn (r1631)
  MFH:		2016Q1
  Security:	CVE-2016-3191

Changes:
  head/devel/pcre/Makefile
  head/devel/pcre/distinfo
  head/devel/pcre/files/patch-CVE-2015-5073
  head/devel/pcre/files/patch-CVE-2016-3191
  head/devel/pcre/files/patch-buffer-overflow
  head/devel/pcre/files/patch-r1585-buffer-overflow
  head/devel/pcre/files/patch-r1594-heap-overflow
  head/devel/pcre/pkg-plist
Comment 5 commit-hook freebsd_committer 2016-03-21 02:41:40 UTC
A commit references this bug:

Author: feld
Date: Mon Mar 21 02:41:22 UTC 2016
New revision: 411533
URL: https://svnweb.freebsd.org/changeset/ports/411533

Log:
  MFH: r411532

  devel/pcre: Update to 8.38

  - Remove patches now in the 8.38 release
  - Add patch to resolve outstanding CVE

  PR:		208167
  Obtained from:	PCRE svn (r1631)
  Security:	CVE-2016-3191
  Approved by:	ports-secteam (with hat)

Changes:
_U  branches/2016Q1/
  branches/2016Q1/devel/pcre/Makefile
  branches/2016Q1/devel/pcre/distinfo
  branches/2016Q1/devel/pcre/files/patch-CVE-2015-5073
  branches/2016Q1/devel/pcre/files/patch-CVE-2016-3191
  branches/2016Q1/devel/pcre/files/patch-buffer-overflow
  branches/2016Q1/devel/pcre/files/patch-r1585-buffer-overflow
  branches/2016Q1/devel/pcre/files/patch-r1594-heap-overflow
  branches/2016Q1/devel/pcre/pkg-plist
Comment 6 commit-hook freebsd_committer 2016-03-21 02:44:41 UTC
A commit references this bug:

Author: feld
Date: Mon Mar 21 02:43:57 UTC 2016
New revision: 411534
URL: https://svnweb.freebsd.org/changeset/ports/411534

Log:
  Fix version range for pcre2 vulnerability

  PR:		208167
  Security:	CVE-2016-3191

Changes:
  head/security/vuxml/vuln.xml
Comment 7 Mark Felder freebsd_committer 2016-03-21 02:51:54 UTC
Documented and patched, thanks!