Format: 1.8
Date: Tue, 03 Dec 2019 18:38:09 +0100
Source: libonig
Binary: libonig2 libonig2-dbg libonig-dev
Architecture: source amd64
Version: 5.9.5-3.2+deb8u4
Distribution: jessie-security
Urgency: high
Maintainer: Jörg Frings-Fürst <debian@jff-webhosting.net>
Changed-By: Sylvain Beucler <beuc@debian.org>
Description:
 libonig-dev - Development files for libonig2
 libonig2 - Oniguruma regular expressions library
 libonig2-dbg - Debugging symbols for libonig2
Changes:
 libonig (5.9.5-3.2+deb8u4) jessie-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * CVE-2019-19012: an integer overflow in the search_in_range function in
     regexec.c leads to an out-of-bounds read, in which the offset of this
     read is under the control of an attacker. (This only affects the 32-bit
     compiled version). Remote attackers can cause a denial-of-service or
     information disclosure, or possibly have unspecified other impact, via
     a crafted regular expression.
   * CVE-2019-19204: in the function fetch_range_quantifier in regparse.c,
     PFETCH is called without checking PEND. This leads to a heap-based
     buffer over-read.
   * CVE-2019-19246: heap-based buffer over-read in str_lower_case_match in
     regexec.c.