[ubuntu/wily-security] pcre3 2:8.35-7.1ubuntu1.3 (Accepted)

[Marc Deslauriers]

pcre3 (2:8.35-7.1ubuntu1.3) wily-security; urgency=medium

  * SECURITY UPDATE: fix multiple security issues by applying patches
    from Debian jessie package:
    - CVE-2015-2325_CVE-2015-2326_CVE-2015-3210_CVE-2015-5073.patch
    - 0001-Fix-compile-time-loop-for-recursive-reference-within.patch
    - 794589-information-disclosure.patch
    - 0001-Fix-buffer-overflow-for-repeated-conditional-when-re.patch
    - 0001-Fix-named-forward-reference-to-duplicate-group-numbe.patch
    - 0001-Fix-buffer-overflow-for-lookbehind-within-mutually-r.patch
    - 0001-Add-integer-overflow-check-to-n-code.patch
    - 0001-Fix-overflow-when-ovector-has-size-1.patch
    - 0001-Fix-infinite-recursion-in-the-JIT-compiler-when-cert.patch
    - 0001-Fix-bug-for-classes-containing-sequences.patch
    - 0001-Fix-run-for-ever-bug-for-deeply-nested-sequences.patch
    - 0001-Fix-buffer-overflow-for-named-references-in-situatio.patch
    - 0001-Make-pcregrep-q-override-l-and-c-for-compatibility-w.patch
    - 0001-Add-missing-integer-overflow-checks.patch
    - 0001-Hack-in-yet-other-patch-for-a-bug-in-size-computatio.patch
    - Removed obsolete fix_find_fixedlength.patch
    - debian/patches/fix_test11.patch: fix test failure caused by
      0001-Fix-buffer-overflow-for-named-references-in-situatio.patch.
    - debian/patches/fix_typo_in_jit.patch: fix typo in commit in
      0001-Fix-infinite-recursion-in-the-JIT-compiler-when-cert.patch.
    - CVE-2015-2325, CVE-2015-2326, CVE-2015-2327, CVE-2015-2328,
      CVE-2015-3210, CVE-2015-5073, CVE-2015-8380, CVE-2015-8381,
      CVE-2015-8382, CVE-2015-8383, CVE-2015-8384, CVE-2015-8385,
      CVE-2015-8386, CVE-2015-8387, CVE-2015-8388, CVE-2015-8389,
      CVE-2015-8390, CVE-2015-8391, CVE-2015-8392, CVE-2015-8393,
      CVE-2015-8394, CVE-2015-8395
  * SECURITY UPDATE: denial of service and possible code execution via
    crafted regular expression
    - debian/patches/CVE-2016-1283.patch: fix another duplicate name issue
      in pcre_compile.c, add tests to testdata/testinput2,
      testdata/testoutput2.
    - CVE-2016-1283
  * SECURITY UPDATE: denial of service via pattern containing (*ACCEPT)
    substring with nested parantheses
    - debian/patches/apply-upstream-revision-1631-closes-8159: fix
      workspace overflow for (*ACCEPT) with deeply nested parentheses in
      pcreposix.c, pcre_compile.c, pcre_internal.h, add tests to
      testdata/testoutput11-8, testdata/testoutput11-16,
      testdata/testinput11, testdata/testoutput11-32.
    - CVE-2016-3191
  * SECURITY UPDATE: nested alternatives segfault when JIT is used
    - debian/patches/CVE-2014-9769.patch: fixed issue with nested table
      jumps in pcre_jit_compile.c, added test to testdata/testinput1,
      testdata/testoutput1.
    - CVE-2014-9769

Date: 2016-03-29 15:33:13.738418+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/pcre3/2:8.35-7.1ubuntu1.3
-------------- next part --------------
Sorry, changesfile not available.