UbuntuUpdates.org

Package "libpcre32-3"

Name: libpcre32-3

Description:

Old Perl 5 Compatible Regular Expression Library - 32 bit runtime files

Latest version: 2:8.39-12ubuntu0.1
Release: focal (20.04)
Level: security
Repository: main
Head package: pcre3

Links


Download "libpcre32-3"


Other versions of "libpcre32-3" in Focal

Repository Area Version
base main 2:8.39-12build1
updates main 2:8.39-12ubuntu0.1

Changelog

Version: 2:8.39-12ubuntu0.1 2022-05-17 16:06:39 UTC

  pcre3 (2:8.39-12ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: buffer over-read in JIT
    - debian/patches/CVE-2019-20838.patch: check if type is not
      extended Unicode parameter or Unicode new line in
      pcre_jit_compile.c.
    - CVE-2019-20838
  * SECURITY UPDATE: integer overflow via a large number
    - debian/patches/CVE-2020-14155.patch: ensure that the number
      is lower than 256 in pcre_compile.c.
    - CVE-2020-14155

 -- David Fernandez Gonzalez <email address hidden> Mon, 16 May 2022 13:25:33 +0200

CVE-2019-20838 libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related
CVE-2020-14155 libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.



About   -   Send Feedback to @ubuntu_updates