Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <dispatch@tracker.debian.org> , <debian-lts-changes@lists.debian.org>
Subject: Accepted pcre2 10.32-5+deb10u1 (source) into oldstable
Date: Thu, 16 Mar 2023 02:10:24 +0000
Signed by: Guilhem Moulin <guilhem@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 16 Mar 2023 01:21:36 +0100
Source: pcre2
Architecture: source
Version: 10.32-5+deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Matthew Vernon <matthew@debian.org>
Changed-By: Guilhem Moulin <guilhem@debian.org>
Closes: 1011954
Changes:
 pcre2 (10.32-5+deb10u1) buster-security; urgency=high
 .
   * Non-maintainer upload by the LTS Security Team.
   * CVE-2019-20454: Out-of-bounds read when the pattern \X is JIT compiled and
     used to match specially crafted subjects in non-UTF mode.
   * CVE-2022-1586: Out-of-bounds read involving unicode property matching in
     JIT-compiled regular expressions. The issue occurs because the character
     was not fully read in case-less matching within JIT. (Closes: #1011954).
   * CVE-2022-1587: Out-of-bounds read affecting recursions in JIT-compiled
     regular expressions caused by duplicate data transfers. (Closes:
     #1011954).
   * Subject buffer overread in JIT when UTF is disabled and \X or \R has a
     greater than 1 fixed quantifier.
Checksums-Sha1:
 8e441840f3e0ffcd3cfa47f44ba68788da136a97 2234 pcre2_10.32-5+deb10u1.dsc
 5bfe471f07224c1fac741d426462553f9fc3af84 2169349 pcre2_10.32.orig.tar.gz
 0a9c7de96639b820a1427746c3c0266bdc59a493 9691 pcre2_10.32-5+deb10u1.diff.gz
 6586ee2ba79255b2159d143f4d059b140754a3e3 7655 pcre2_10.32-5+deb10u1_amd64.buildinfo
Checksums-Sha256:
 84b64673e5b8f4d2f2b75e293a151df97020ecc32871961a6dfc30a588f5fc57 2234 pcre2_10.32-5+deb10u1.dsc
 9ca9be72e1a04f22be308323caa8c06ebd0c51efe99ee11278186cafbc4fe3af 2169349 pcre2_10.32.orig.tar.gz
 1a425dd654d2ffd1e7e3456865a0d0ec2fd04639469a2f73f18138f01df1377b 9691 pcre2_10.32-5+deb10u1.diff.gz
 c87cab60a77877489e2c1939052973305dcee20d8dfc117bf5601369121856b9 7655 pcre2_10.32-5+deb10u1_amd64.buildinfo
Files:
 a9989eb3586b9d6aaf6a6df0ad14fe3b 2234 libs optional pcre2_10.32-5+deb10u1.dsc
 a660db882ff171e6a0de5fb1decd5ff5 2169349 libs optional pcre2_10.32.orig.tar.gz
 489d44e5d45cfbbee8a31903602e2c90 9691 libs optional pcre2_10.32-5+deb10u1.diff.gz
 6acc2944caccb3657df30f7c0144de83 7655 libs optional pcre2_10.32-5+deb10u1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEERpy6p3b9sfzUdbME05pJnDwhpVIFAmQScxcACgkQ05pJnDwh
pVJEtRAAriSVvXFOms+BABTve2Xn8REzpEf6vlDcN5j438bzCe2fGg6+4zmMpkqz
Xnx7HGM8sZWouSuc9GILY0LFJw5EhVVC+bgija5b4tdsxv3hF/DcgsQdxietKc73
SYlnRSpXY1dmSw0FGPqrJvsDmVogz28O8sGLLX4zf+C9mrKDkCSsxDqORp2CbTIL
TZltUVogk5ai8KjIjhHnPgMmzezy0n8FJPm6HRIzMr9McKNPzWMOAYapvUH4p5C+
z/z6grepJpNMyHh1AcpvKKRJl2j2V0Uk3MGLy47flR7TYSGJMbGiZf5xAtxCdSm4
lepjuF9x0wWbaQgSTCXtuKoKy1C4SLTa2UgI8K55UGXDfyKD2FGtggPnn9ONceaB
DwJHisbv3gyJOMfXOpkajQfi81lZ2D0DxEi8xSlRRsl6M/xOJcIT8+01Hr5P0mE7
Ap3dZtRhcl2wN8ZMgQAzC1MmxkySNG/eALEcNhUPo8HeSfM5tu8LL3vWsI5fai8b
z2s9ItXzQtUd/jNdupCKd88HKyurenJ0WWXRmm4ilxzWtPDitCXKQG7SRnpBycxP
e4zjZ+DbrriIef/ElIbI/gCiLLEMv0H2EwV6BF72eUltOz4gLF4cIYflEw1sqwid
vNhqQcoyHfKq8LdTzme186m8GJl6YWrQRlwyWBQ821rQpcft8KQ=
=p+U/
-----END PGP SIGNATURE-----

News for package pcre2