763 – [SECURITY] Update pcre to 7.9

Bug 763 - [SECURITY] Update pcre to 7.9

Summary: [SECURITY] Update pcre to 7.9

Status:	RESOLVED FIXED

Alias:	None

Product:	buildroot
Classification:	Unclassified
Component:	Outdated package (show other bugs)
Version:	unspecified
Hardware:	PC Linux

Importance:	P5 major
Target Milestone:	---
Assignee:	unassigned

URL:	http://cve.mitre.org/cgi-bin/cvename....
Keywords:

Depends on:
Blocks:

Reported:	2009-12-02 15:46 UTC by Gustavo Zacarias
Modified:	2009-12-06 15:30 UTC (History)
CC List:	1 user (show)

See Also:
Host:	i686-linux
Target:	arm-softfloat-linux-uclibcgnueabi
Build:

Attachments
[SECURITY] Bump pcre to 7.9 (1.15 KB, patch) 2009-12-02 15:46 UTC, Gustavo Zacarias	Details
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Gustavo Zacarias 2009-12-02 15:46:09 UTC

Created attachment 795 [details]
[SECURITY] Bump pcre to 7.9

Heap-based buffer overflow in pcre_compile.c in the Perl-Compatible Regular Expression (PCRE) library 7.7 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a regular expression that begins with an option and contains multiple branches.

Bump package to version 7.9, remove redundant INSTALL_TARGET and remove /usr/bin/pcre-config from target.
Should probably remove /usr/bin/pcretest and /usr/bin/pcregrep from target too for a small size saving.

Comment 1 Peter Korsgaard 2009-12-06 15:30:20 UTC

Committed, thanks