diff options
| author | Bernd Kuhls <bernd.kuhls@t-online.de> | 2017-07-13 21:39:28 +0200 |
|---|---|---|
| committer | Peter Korsgaard <peter@korsgaard.com> | 2017-07-13 22:13:56 +0200 |
| commit | bc6a84bb3d05e0d752ecf59bb35ac827e9b76185 (patch) | |
| tree | dde5c457713372ae2bb14b2322b8b1f293c72de7 /package/nginx-upload/nginx-upload.hash | |
| parent | 29f956d99c3b3b8a90258a88d79b6c76e724b714 (diff) | |
| download | buildroot-bc6a84bb3d05e0d752ecf59bb35ac827e9b76185.tar.gz buildroot-bc6a84bb3d05e0d752ecf59bb35ac827e9b76185.zip | |
package/pcre: security bump to version 8.41
Removed patches 0003 & 0004, applied upstream.
Fixes the following security issues:
CVE-2017-7244 - The _pcre32_xclass function in pcre_xclass.c in libpcre1 in
PCRE 8.40 allows remote attackers to cause a denial of service (invalid
memory read) via a crafted file.
CVE-2017-7245 - Stack-based buffer overflow in the pcre32_copy_substring
function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to
cause a denial of service (WRITE of size 4) or possibly have unspecified
other impact via a crafted file.
CVE-2017-7246 - Stack-based buffer overflow in the pcre32_copy_substring
function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to
cause a denial of service (WRITE of size 268) or possibly have unspecified
other impact via a crafted file.
[Peter: add CVE info]
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Diffstat (limited to 'package/nginx-upload/nginx-upload.hash')
0 files changed, 0 insertions, 0 deletions
