Bug 208260 - devel/pcre - CVE-2016-1283
Summary: devel/pcre - CVE-2016-1283
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Jason Unovitch
URL:
Keywords: security
Depends on:
Blocks:
 
Reported: 2016-03-24 17:25 UTC by Sevan Janiyan
Modified: 2016-04-03 13:46 UTC (History)
2 users (show)

See Also:
bugzilla: maintainer-feedback? (bf)
junovitch: merge-quarterly+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 commit-hook freebsd_committer 2016-04-03 13:43:53 UTC
A commit references this bug:

Author: junovitch
Date: Sun Apr  3 13:43:13 UTC 2016
New revision: 412471
URL: https://svnweb.freebsd.org/changeset/ports/412471

Log:
  Document PCRE heap overflow vulnerability

  PR:		208260
  Reported by:	Sevan Janiyan <venture37@geeklan.co.uk>
  Security:	CVE-2016-1283
  Security:	https://vuxml.FreeBSD.org/freebsd/497b82e0-f9a0-11e5-92ce-002590263bf5.html

Changes:
  head/security/vuxml/vuln.xml
Comment 2 commit-hook freebsd_committer 2016-04-03 13:43:55 UTC
A commit references this bug:

Author: junovitch
Date: Sun Apr  3 13:43:30 UTC 2016
New revision: 412472
URL: https://svnweb.freebsd.org/changeset/ports/412472

Log:
  devel/pcre: Add patch to resolve heap overflow vulnerability

  PR:		208260
  Reported by:	Sevan Janiyan <venture37@geeklan.co.uk>
  Approved by:	ports-secteam (with hat)
  Obtained from:	PCRE svn (r1636)
  Security:	CVE-2016-1283
  Security:	https://vuxml.FreeBSD.org/freebsd/497b82e0-f9a0-11e5-92ce-002590263bf5.html
  MFH:		2016Q2

Changes:
  head/devel/pcre/Makefile
  head/devel/pcre/files/patch-CVE-2016-1283
Comment 3 commit-hook freebsd_committer 2016-04-03 13:44:57 UTC
A commit references this bug:

Author: junovitch
Date: Sun Apr  3 13:44:13 UTC 2016
New revision: 412473
URL: https://svnweb.freebsd.org/changeset/ports/412473

Log:
  MFH: r412472

  devel/pcre: Add patch to resolve heap overflow vulnerability

  PR:		208260
  Reported by:	Sevan Janiyan <venture37@geeklan.co.uk>
  Approved by:	ports-secteam (with hat)
  Obtained from:	PCRE svn (r1636)
  Security:	CVE-2016-1283
  Security:	https://vuxml.FreeBSD.org/freebsd/497b82e0-f9a0-11e5-92ce-002590263bf5.html

Changes:
_U  branches/2016Q2/
  branches/2016Q2/devel/pcre/Makefile
  branches/2016Q2/devel/pcre/files/patch-CVE-2016-1283
Comment 4 Jason Unovitch freebsd_committer 2016-04-03 13:46:32 UTC
Sevan,
The fix from http://vcs.pcre.org/pcre?view=revision&revision=1636 has been committed.  Thank you for the report!