All times are UTC
non port: devel/pcre/files/patch-buffer-overflow

Number of commits found: 2

Mon, 21 Mar 2016
[ 02:40 feld ] Original commit   Revision: 411532
devel/pcre: Update to 8.38

- Remove patches now in the 8.38 release
- Add patch to resolve outstanding CVE

PR:		208167
Obtained from:	PCRE svn (r1631)
MFH:		2016Q1
Security:	CVE-2016-3191

Sun, 7 Jun 2015
[ 20:50 delphij ] Original commit   Revision: 388777
Apply upstream fixes of several buffer overflow issues:

r1555 Fix forward reference offset bug.
r1556 Fix forward referencing bugs.
r1557 Fix buffer overflow for repeated conditional when referencing a
      duplicate name.
r1558 Fix buffer overflow for named recursive back reference when the
      name is duplicated.
r1559 Fix named forward reference to duplicate group number overflow
      bug.
r1560 Fix buffer overflow for lookbehind within mutually recursive
      subroutines.
r1562 Fix another buffer overflow.

Note that regression tests were not included in this patchset, however
the actual test cases have been run against both old and new code to
make sure that the issues were fixed properly.

With hat:	so
Obtained from:	PCRE svn (revisions detailed above)
MFH:		2015Q2
Security:	CVE-2015-3210, CVE-2015-3217
