[Buildroot] [2020.02.x] package/pcre: security bump to 8.44
matthew.weber at rockwellcollins.com
Tue Jul 14 20:15:00 UTC 2020
On Tue, Jul 14, 2020 at 3:09 PM Thomas Petazzoni
<thomas.petazzoni at bootlin.com> wrote:
> On Tue, 14 Jul 2020 14:40:08 -0500
> Matt Weber <matthew.weber at rockwellcollins.com> wrote:
> > * 0001-Kill-compatibility-bits.patch had a bugfix for the lcc
> > compiler (https://vcs.pcre.org/pcre/code/trunk/pcrecpp.cc?r1=1735&r2=1752&pathrev=1763)
> > * License file updated copyright date
> > Signed-off-by: Matthew Weber <matthew.weber at rockwellcollins.com>
> There is already a bump to 8.44 in master. Why do you send a separate
> patch doing the same thing, but for 2020.02.x?
Agree, not needed. I realized this afterwards.
> I think in this kind of case, we should instead reply to the commit
> e-mail, and ask Peter to backport it to 2020.02.x.
I just checked and it was old enough that I don't have the original
> However, you label it as a security bump, without saying which
> vulnerability is being fixed. The original version bump commit did not
> label it as a security bump.
Agree, should have included:
libpcre in PCRE before 8.44 allows an integer overflow via a large
number after a (?C substring.