UbuntuUpdates.org

Package "libonig"

Name: libonig

Description:

This package is just an umbrella for a group of other packages; it has no description.
Description samples from packages in group:

  • regular expressions library — development files
  • regular expressions library

Latest version: 6.9.4-1
Release: focal (20.04)
Level: updates
Repository: main

Other versions of "libonig" in Focal

Repository Area Version
base universe 6.9.4-1

Changelog

Version: 6.9.4-1 2024-11-27 20:06:53 UTC

  libonig (6.9.4-1) unstable; urgency=medium

  * New upstream release.
    - Refresh symbols file and add Build-Depends-Package field.
    - Remove upstream applied patches:
      + 0105-CVE-2019-13224.patch
      + 0110-CVE-2019-13225.patch
    - Refresh debian/copyright.
    - Fixes CVE-2019-19204: heap-buffer-overflow in fetch_interval_quantifier
        due to double PFETCH (Closes: #945313).
    - Fixes CVE-2019-19203: heap-buffer-overflow in gb18030_mbc_enc_len
        (Closes: #945312).
    - Fixes CVE-2019-19012: Out of bounds read in mbc_to_code()
        (Closes: #944959).
    - Fixes CVE-2019-16163: Stack Exhaustion Problem (Closes: #939988).
    - Fixes CVE-2019-19246: heap-based buffer over-read in str_lower_case_match.
  * debian/watch: Correct typo.
  * Declare compliance with Debian Policy 4.4.1.1 (No changes needed).
  * Switch to debhelper-compat:
    - debian/control: change to debhelper-compat (=12)
    - remove debian/compat
  * debian/control:
    - Add Rules-Requires-Root: no.
  * Remove outdated debian/NEWS.Debian.

 -- Jörg Frings-Fürst <email address hidden> Sun, 22 Dec 2019 16:00:46 +0100

945313 libonig: CVE-2019-19204: heap-buffer-overflow in fetch_interval_quantifier due to double PFETCH
945312 libonig: CVE-2019-19203: heap-buffer-overflow in gb18030_mbc_enc_len
944959 libonig: CVE-2019-19012
939988 libonig: CVE-2019-16163
CVE-2019-13224 A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service,
CVE-2019-13225 A NULL Pointer Dereference in match_at() in regexec.c in Oniguruma 6.9.2 allows attackers to potentially cause denial of service by providing a craft
CVE-2019-19204 An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function fetch_interval_quantifier (formerly known as fetch_range_quantifier) in re
CVE-2019-19203 An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function gb18030_mbc_enc_len in file gb18030.c, a UChar pointer is dereferenced wit
CVE-2019-19012 An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offse
CVE-2019-16163 Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c.
CVE-2019-19246 Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c.


