| Summary: | [SECURITY] Update pcre to 7.9 | ||
|---|---|---|---|
| Product: | buildroot | Reporter: | Gustavo Zacarias <gustavo> |
| Component: | Outdated package | Assignee: | unassigned |
| Status: | RESOLVED FIXED | ||
| Severity: | major | CC: | buildroot |
| Priority: | P5 | ||
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| Hardware: | PC | ||
| OS: | Linux | ||
| URL: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2371 | ||
| Host: | i686-linux | Target: | arm-softfloat-linux-uclibcgnueabi |
| Build: | |||
| Attachments: | [SECURITY] Bump pcre to 7.9 | ||
Committed, thanks |
Created attachment 795 [details] [SECURITY] Bump pcre to 7.9 Heap-based buffer overflow in pcre_compile.c in the Perl-Compatible Regular Expression (PCRE) library 7.7 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a regular expression that begins with an option and contains multiple branches. Bump package to version 7.9, remove redundant INSTALL_TARGET and remove /usr/bin/pcre-config from target. Should probably remove /usr/bin/pcretest and /usr/bin/pcregrep from target too for a small size saving.