alpine issueshttps://gitlab.alpinelinux.org/groups/alpine/-/issues2019-07-23T13:50:50Zhttps://gitlab.alpinelinux.org/alpine/aports/-/issues/4420[3.2] squashfs-tools: Integer overflow issue and other flaws (CVE-2015-4645 /...2019-07-23T13:50:50ZAlexander Belous[3.2] squashfs-tools: Integer overflow issue and other flaws (CVE-2015-4645 / CVE-2015-4646)Reference:
https://admin.fedoraproject.org/updates/FEDORA-2015-10750/squashfs-tools-4.3-11.fc22
*(from redmine: issue id 4420, created on 2015-07-01, closed on 2015-08-05)*
* Relations:
* parent #4416
* Changesets:
* Revision ed...Reference:
https://admin.fedoraproject.org/updates/FEDORA-2015-10750/squashfs-tools-4.3-11.fc22
*(from redmine: issue id 4420, created on 2015-07-01, closed on 2015-08-05)*
* Relations:
* parent #4416
* Changesets:
* Revision eda97ba58d739a78737006295c03cbe3d77ebceb by Natanael Copa on 2015-07-07T19:54:55Z:
```
main/squashfs-tools: security fix for CVE-2015-4645/4646
ref #4416
fixes #4420
(cherry picked from commit 10422f18285619f8f57b8b4ab5ca829eb21c115f)
```3.2.1Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/4419[3.1] squashfs-tools: Integer overflow issue and other flaws (CVE-2015-4645 /...2019-07-23T13:50:51ZAlexander Belous[3.1] squashfs-tools: Integer overflow issue and other flaws (CVE-2015-4645 / CVE-2015-4646)Reference:
https://admin.fedoraproject.org/updates/FEDORA-2015-10750/squashfs-tools-4.3-11.fc22
*(from redmine: issue id 4419, created on 2015-07-01, closed on 2015-08-05)*
* Relations:
* parent #4416
* Changesets:
* Revision 9b...Reference:
https://admin.fedoraproject.org/updates/FEDORA-2015-10750/squashfs-tools-4.3-11.fc22
*(from redmine: issue id 4419, created on 2015-07-01, closed on 2015-08-05)*
* Relations:
* parent #4416
* Changesets:
* Revision 9bd7c332d0146196029353a2d0253998cd510e49 by Natanael Copa on 2015-08-05T12:53:01Z:
```
main/squashfs-tools: security fix for CVE-2015-4645/4646
ref #4416
fixes #4419
```3.1.5Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/4418[3.0] squashfs-tools: Integer overflow issue and other flaws (CVE-2015-4645 /...2019-07-23T13:50:51ZAlexander Belous[3.0] squashfs-tools: Integer overflow issue and other flaws (CVE-2015-4645 / CVE-2015-4646)Reference:
https://admin.fedoraproject.org/updates/FEDORA-2015-10750/squashfs-tools-4.3-11.fc22
*(from redmine: issue id 4418, created on 2015-07-01, closed on 2015-08-05)*
* Relations:
* parent #4416
* Changesets:
* Revision cf...Reference:
https://admin.fedoraproject.org/updates/FEDORA-2015-10750/squashfs-tools-4.3-11.fc22
*(from redmine: issue id 4418, created on 2015-07-01, closed on 2015-08-05)*
* Relations:
* parent #4416
* Changesets:
* Revision cf3b46b5b6f7b206fa6515b969df37d82849b6bd by Natanael Copa on 2015-08-05T13:12:55Z:
```
main/squashfs-tools: security fix for CVE-2015-4645/4646
ref #4416
fixes #4418
(cherry picked from commit 10422f18285619f8f57b8b4ab5ca829eb21c115f)
Conflicts:
main/squashfs-tools/APKBUILD
```3.0.7Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/4417[v2.7] squashfs-tools: Integer overflow issue and other flaws (CVE-2015-4645 ...2019-07-23T13:50:53ZAlexander Belous[v2.7] squashfs-tools: Integer overflow issue and other flaws (CVE-2015-4645 / CVE-2015-4646)Reference:
https://admin.fedoraproject.org/updates/FEDORA-2015-10750/squashfs-tools-4.3-11.fc22
*(from redmine: issue id 4417, created on 2015-07-01, closed on 2015-08-05)*
* Relations:
* parent #4416
* Changesets:
* Revision ce...Reference:
https://admin.fedoraproject.org/updates/FEDORA-2015-10750/squashfs-tools-4.3-11.fc22
*(from redmine: issue id 4417, created on 2015-07-01, closed on 2015-08-05)*
* Relations:
* parent #4416
* Changesets:
* Revision cecc55e3d4bcf843b12216e31a262eda76710dc2 by Natanael Copa on 2015-08-05T13:15:06Z:
```
main/squashfs-tools: security fix for CVE-2015-4645/4646
ref #4416
fixes #4417
(cherry picked from commit 10422f18285619f8f57b8b4ab5ca829eb21c115f)
Conflicts:
main/squashfs-tools/APKBUILD
```Alpine 2.7.10Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/4416squashfs-tools: Integer overflow issue and other flaws (CVE-2015-4645 / CVE-2...2019-07-23T13:50:54ZAlexander Beloussquashfs-tools: Integer overflow issue and other flaws (CVE-2015-4645 / CVE-2015-4646)Reference:
https://admin.fedoraproject.org/updates/FEDORA-2015-10750/squashfs-tools-4.3-11.fc22
*(from redmine: issue id 4416, created on 2015-07-01, closed on 2015-08-05)*
* Relations:
* child #4417
* child #4418
* child #441...Reference:
https://admin.fedoraproject.org/updates/FEDORA-2015-10750/squashfs-tools-4.3-11.fc22
*(from redmine: issue id 4416, created on 2015-07-01, closed on 2015-08-05)*
* Relations:
* child #4417
* child #4418
* child #4419
* child #4420
* Changesets:
* Revision 10422f18285619f8f57b8b4ab5ca829eb21c115f by Natanael Copa on 2015-07-07T19:52:10Z:
```
main/squashfs-tools: security fix for CVE-2015-4645/4646
ref #4416
```
* Revision eda97ba58d739a78737006295c03cbe3d77ebceb by Natanael Copa on 2015-07-07T19:54:55Z:
```
main/squashfs-tools: security fix for CVE-2015-4645/4646
ref #4416
fixes #4420
(cherry picked from commit 10422f18285619f8f57b8b4ab5ca829eb21c115f)
```
* Revision 9bd7c332d0146196029353a2d0253998cd510e49 by Natanael Copa on 2015-08-05T12:53:01Z:
```
main/squashfs-tools: security fix for CVE-2015-4645/4646
ref #4416
fixes #4419
```
* Revision cf3b46b5b6f7b206fa6515b969df37d82849b6bd by Natanael Copa on 2015-08-05T13:12:55Z:
```
main/squashfs-tools: security fix for CVE-2015-4645/4646
ref #4416
fixes #4418
(cherry picked from commit 10422f18285619f8f57b8b4ab5ca829eb21c115f)
Conflicts:
main/squashfs-tools/APKBUILD
```
* Revision cecc55e3d4bcf843b12216e31a262eda76710dc2 by Natanael Copa on 2015-08-05T13:15:06Z:
```
main/squashfs-tools: security fix for CVE-2015-4645/4646
ref #4416
fixes #4417
(cherry picked from commit 10422f18285619f8f57b8b4ab5ca829eb21c115f)
Conflicts:
main/squashfs-tools/APKBUILD
```https://gitlab.alpinelinux.org/alpine/aports/-/issues/4415[v3.2] polkit: cookie generator can wrap and two identical cookies could exis...2019-07-23T13:50:55ZAlexander Belous[v3.2] polkit: cookie generator can wrap and two identical cookies could exist; DoS (CVE-2015-4625)The “cookie” value that Polkit hands out is global to all polkit
users. And when \`AuthenticationAgentResponse\` is invoked, we
previously only received the cookie and target identity, and attempted
to find an agent from that.
The...The “cookie” value that Polkit hands out is global to all polkit
users. And when \`AuthenticationAgentResponse\` is invoked, we
previously only received the cookie and target identity, and attempted
to find an agent from that.
The problem is that the current cookie is just an integer
counter, and if it overflowed, it would be possible for
an successful authorization in one session to trigger a response
in another session.
Reference:
https://security-tracker.debian.org/tracker/CVE-2015-4625
https://bugs.freedesktop.org/show\_bug.cgi?id=90837
*(from redmine: issue id 4415, created on 2015-07-01, closed on 2015-08-06)*
* Relations:
* parent #4411
* Changesets:
* Revision 6fe5385eb32b42ebe7440f307380873153658bc0 by Natanael Copa on 2015-07-08T09:04:27Z:
```
main/polkit: various security fixes
CVE-2015-3218
CVE-2015-3255
CVE-2015-4625
ref #4411
fixes #4415
(cherry picked from commit a215f1937c91916b1b5162e49e996708eb456e67)
```3.2.1Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/4414[v3.1] polkit: cookie generator can wrap and two identical cookies could exis...2019-07-23T13:50:56ZAlexander Belous[v3.1] polkit: cookie generator can wrap and two identical cookies could exist; DoS (CVE-2015-4625)The “cookie” value that Polkit hands out is global to all polkit
users. And when \`AuthenticationAgentResponse\` is invoked, we
previously only received the cookie and target identity, and attempted
to find an agent from that.
The...The “cookie” value that Polkit hands out is global to all polkit
users. And when \`AuthenticationAgentResponse\` is invoked, we
previously only received the cookie and target identity, and attempted
to find an agent from that.
The problem is that the current cookie is just an integer
counter, and if it overflowed, it would be possible for
an successful authorization in one session to trigger a response
in another session.
Reference:
https://security-tracker.debian.org/tracker/CVE-2015-4625
https://bugs.freedesktop.org/show\_bug.cgi?id=90837
*(from redmine: issue id 4414, created on 2015-07-01, closed on 2015-08-06)*
* Relations:
* parent #4411
* Changesets:
* Revision 39904e42477722d27b1a55bfe61a438f398e5bd2 by Natanael Copa on 2015-08-06T14:38:32Z:
```
main/polkit: various security fixes
CVE-2015-3218
CVE-2015-3255
CVE-2015-4625
ref #4411
fixes #4414
(cherry picked from commit a215f1937c91916b1b5162e49e996708eb456e67)
```3.1.5Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/4413[v3.0] polkit: cookie generator can wrap and two identical cookies could exis...2019-07-23T13:50:57ZAlexander Belous[v3.0] polkit: cookie generator can wrap and two identical cookies could exist; DoS (CVE-2015-4625)The “cookie” value that Polkit hands out is global to all polkit
users. And when \`AuthenticationAgentResponse\` is invoked, we
previously only received the cookie and target identity, and attempted
to find an agent from that.
The...The “cookie” value that Polkit hands out is global to all polkit
users. And when \`AuthenticationAgentResponse\` is invoked, we
previously only received the cookie and target identity, and attempted
to find an agent from that.
The problem is that the current cookie is just an integer
counter, and if it overflowed, it would be possible for
an successful authorization in one session to trigger a response
in another session.
Reference:
https://security-tracker.debian.org/tracker/CVE-2015-4625
https://bugs.freedesktop.org/show\_bug.cgi?id=90837
*(from redmine: issue id 4413, created on 2015-07-01, closed on 2015-08-06)*
* Relations:
* parent #4411
* Changesets:
* Revision 8e84c317b7be2dd3c203153347b06f0c732ae155 by Natanael Copa on 2015-08-06T14:40:15Z:
```
main/polkit: various security fixes
CVE-2015-3218
CVE-2015-3255
CVE-2015-4625
ref #4411
fixes #4413
(cherry picked from commit a215f1937c91916b1b5162e49e996708eb456e67)
```3.0.7Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/4412[v2.7] polkit: cookie generator can wrap and two identical cookies could exis...2019-07-23T13:50:58ZAlexander Belous[v2.7] polkit: cookie generator can wrap and two identical cookies could exist; DoS (CVE-2015-4625)The “cookie” value that Polkit hands out is global to all polkit
users. And when \`AuthenticationAgentResponse\` is invoked, we
previously only received the cookie and target identity, and attempted
to find an agent from that.
The...The “cookie” value that Polkit hands out is global to all polkit
users. And when \`AuthenticationAgentResponse\` is invoked, we
previously only received the cookie and target identity, and attempted
to find an agent from that.
The problem is that the current cookie is just an integer
counter, and if it overflowed, it would be possible for
an successful authorization in one session to trigger a response
in another session.
Reference:
https://security-tracker.debian.org/tracker/CVE-2015-4625
https://bugs.freedesktop.org/show\_bug.cgi?id=90837
*(from redmine: issue id 4412, created on 2015-07-01, closed on 2015-08-06)*
* Relations:
* parent #4411
* Changesets:
* Revision f28f43cbfd353ffd2f447445520f0a289570ded5 by Natanael Copa on 2015-08-06T14:44:10Z:
```
main/polkit: various security fixes
CVE-2015-3218
CVE-2015-3255
CVE-2015-4625
ref #4411
fixes #4412
(cherry picked from commit a215f1937c91916b1b5162e49e996708eb456e67)
Conflicts:
main/polkit/APKBUILD
```Alpine 2.7.10Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/4411polkit: cookie generator can wrap and two identical cookies could exist; DoS ...2019-07-23T13:50:59ZAlexander Belouspolkit: cookie generator can wrap and two identical cookies could exist; DoS (CVE-2015-4625)The “cookie” value that Polkit hands out is global to all polkit
users. And when \`AuthenticationAgentResponse\` is invoked, we
previously only received the cookie and target identity, and attempted
to find an agent from that.
The...The “cookie” value that Polkit hands out is global to all polkit
users. And when \`AuthenticationAgentResponse\` is invoked, we
previously only received the cookie and target identity, and attempted
to find an agent from that.
The problem is that the current cookie is just an integer
counter, and if it overflowed, it would be possible for
an successful authorization in one session to trigger a response
in another session.
Reference:
>https://security-tracker.debian.org/tracker/CVE-2015-4625
>https://bugs.freedesktop.org/show\_bug.cgi?id=90837
*(from redmine: issue id 4411, created on 2015-07-01, closed on 2015-08-06)*
* Relations:
* child #4412
* child #4413
* child #4414
* child #4415
* Changesets:
* Revision a215f1937c91916b1b5162e49e996708eb456e67 by Natanael Copa on 2015-07-08T09:02:13Z:
```
main/polkit: various security fixes
CVE-2015-3218
CVE-2015-3255
CVE-2015-4625
ref #4411
```
* Revision 6fe5385eb32b42ebe7440f307380873153658bc0 by Natanael Copa on 2015-07-08T09:04:27Z:
```
main/polkit: various security fixes
CVE-2015-3218
CVE-2015-3255
CVE-2015-4625
ref #4411
fixes #4415
(cherry picked from commit a215f1937c91916b1b5162e49e996708eb456e67)
```
* Revision 39904e42477722d27b1a55bfe61a438f398e5bd2 by Natanael Copa on 2015-08-06T14:38:32Z:
```
main/polkit: various security fixes
CVE-2015-3218
CVE-2015-3255
CVE-2015-4625
ref #4411
fixes #4414
(cherry picked from commit a215f1937c91916b1b5162e49e996708eb456e67)
```
* Revision 8e84c317b7be2dd3c203153347b06f0c732ae155 by Natanael Copa on 2015-08-06T14:40:15Z:
```
main/polkit: various security fixes
CVE-2015-3218
CVE-2015-3255
CVE-2015-4625
ref #4411
fixes #4413
(cherry picked from commit a215f1937c91916b1b5162e49e996708eb456e67)
```
* Revision f28f43cbfd353ffd2f447445520f0a289570ded5 by Natanael Copa on 2015-08-06T14:44:10Z:
```
main/polkit: various security fixes
CVE-2015-3218
CVE-2015-3255
CVE-2015-4625
ref #4411
fixes #4412
(cherry picked from commit a215f1937c91916b1b5162e49e996708eb456e67)
Conflicts:
main/polkit/APKBUILD
```https://gitlab.alpinelinux.org/alpine/aports/-/issues/4410[v3.2] rsyslog: some log files are created world-readable (CVE-2015-3243)2019-07-23T13:51:00ZAlexander Belous[v3.2] rsyslog: some log files are created world-readable (CVE-2015-3243)The default for syslog is $FileCreateMode 0644 but the rsyslog.conf
provided by the Debian package sets $FileCreateMode 0640
Reference:
https://security-tracker.debian.org/tracker/CVE-2015-3243
*(from redmine: issue id 4410, create...The default for syslog is $FileCreateMode 0644 but the rsyslog.conf
provided by the Debian package sets $FileCreateMode 0640
Reference:
https://security-tracker.debian.org/tracker/CVE-2015-3243
*(from redmine: issue id 4410, created on 2015-07-01, closed on 2018-08-23)*
* Relations:
* parent #44063.2.1Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/4409[v3.1] rsyslog: some log files are created world-readable (CVE-2015-3243)2019-07-23T13:51:01ZAlexander Belous[v3.1] rsyslog: some log files are created world-readable (CVE-2015-3243)The default for syslog is $FileCreateMode 0644 but the rsyslog.conf
provided by the Debian package sets $FileCreateMode 0640
Reference:
https://security-tracker.debian.org/tracker/CVE-2015-3243
*(from redmine: issue id 4409, create...The default for syslog is $FileCreateMode 0644 but the rsyslog.conf
provided by the Debian package sets $FileCreateMode 0640
Reference:
https://security-tracker.debian.org/tracker/CVE-2015-3243
*(from redmine: issue id 4409, created on 2015-07-01, closed on 2017-05-17)*
* Relations:
* parent #4406
* Changesets:
* Revision ade70fae0f4b13cc9e97d18a31b87296c1374937 by Natanael Copa on 2015-12-04T11:03:21Z:
```
main/rsyslog: fix default permissions (CVE-2015-3243). Fixes #4409
```3.1.5Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/4408[v3.0] rsyslog: some log files are created world-readable (CVE-2015-3243)2019-07-23T13:51:02ZAlexander Belous[v3.0] rsyslog: some log files are created world-readable (CVE-2015-3243)The default for syslog is $FileCreateMode 0644 but the rsyslog.conf
provided by the Debian package sets $FileCreateMode 0640
Reference:
https://security-tracker.debian.org/tracker/CVE-2015-3243
*(from redmine: issue id 4408, create...The default for syslog is $FileCreateMode 0644 but the rsyslog.conf
provided by the Debian package sets $FileCreateMode 0640
Reference:
https://security-tracker.debian.org/tracker/CVE-2015-3243
*(from redmine: issue id 4408, created on 2015-07-01, closed on 2017-05-17)*
* Relations:
* parent #4406
* Changesets:
* Revision 90863c29761cd2f011d501f1e404dd81a3e99be6 by Natanael Copa on 2015-12-04T11:09:29Z:
```
main/rsyslog: fix default permissions (CVE-2015-3243). Fixes #4408
```3.0.7Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/4407[v2.7] rsyslog: some log files are created world-readable (CVE-2015-3243)2019-07-12T14:59:41ZAlexander Belous[v2.7] rsyslog: some log files are created world-readable (CVE-2015-3243)The default for syslog is $FileCreateMode 0644 but the rsyslog.conf
provided by the Debian package sets $FileCreateMode 0640
Reference:
https://security-tracker.debian.org/tracker/CVE-2015-3243
*(from redmine: issue id 4407, create...The default for syslog is $FileCreateMode 0644 but the rsyslog.conf
provided by the Debian package sets $FileCreateMode 0640
Reference:
https://security-tracker.debian.org/tracker/CVE-2015-3243
*(from redmine: issue id 4407, created on 2015-07-01, closed on 2017-09-05)*
* Relations:
* parent #4406Alpine 2.7.10Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/4406rsyslog: some log files are created world-readable (CVE-2015-3243)2019-07-23T13:51:03ZAlexander Belousrsyslog: some log files are created world-readable (CVE-2015-3243)The default for syslog is $FileCreateMode 0644 but the rsyslog.conf
provided by the Debian package sets $FileCreateMode 0640
Reference:
>https://security-tracker.debian.org/tracker/CVE-2015-3243
*(from redmine: issue id 4406, crea...The default for syslog is $FileCreateMode 0644 but the rsyslog.conf
provided by the Debian package sets $FileCreateMode 0640
Reference:
>https://security-tracker.debian.org/tracker/CVE-2015-3243
*(from redmine: issue id 4406, created on 2015-07-01, closed on 2018-08-23)*
* Relations:
* child #4407
* child #4408
* child #4409
* child #4410
* Changesets:
* Revision 3cb5210cdac46fb8805d4028df16f5889f393a09 by Natanael Copa on 2015-07-08T09:21:49Z:
```
main/rsyslog: fix default permissions (CVE-2015-3243)
ref #4406
```
* Revision 822733ab307401a52d34dc491a0356e6a279d3a2 by Natanael Copa on 2015-07-08T09:40:03Z:
```
main/rsyslog: fix default permissions (CVE-2015-3243)
ref #4406
(cherry picked from commit 3cb5210cdac46fb8805d4028df16f5889f393a09)
```https://gitlab.alpinelinux.org/alpine/aports/-/issues/4405Package request: compton2019-07-23T13:51:04ZScrumpy JackPackage request: comptonCompton is a compositor for X, and a fork of xcompmgr-dana
https://github.com/chjj/compton
*(from redmine: issue id 4405, created on 2015-06-30, closed on 2015-12-18)*
* Changesets:
* Revision 3b171f1e37492b0de6fcd5b11b2315336f7254...Compton is a compositor for X, and a fork of xcompmgr-dana
https://github.com/chjj/compton
*(from redmine: issue id 4405, created on 2015-06-30, closed on 2015-12-18)*
* Changesets:
* Revision 3b171f1e37492b0de6fcd5b11b2315336f725406 on 2015-07-08T06:58:23Z:
```
testing/compton: new aport. Fixes #4405
```3.3.0https://gitlab.alpinelinux.org/alpine/aports/-/issues/4404[v3.2] pcre: heap overflow vulnerability was found in pcre3, in find_fixedlen...2019-07-23T13:51:05ZAlexander Belous[v3.2] pcre: heap overflow vulnerability was found in pcre3, in find_fixedlenght() (CVE-2015-5073)PCRE library is prone to a vulnerability which leads to Heap Overflow.
During subpattern calculation of a malformed regular expression, an
offset that is used as an array index is fully controlled and can be
large enough so that unexpe...PCRE library is prone to a vulnerability which leads to Heap Overflow.
During subpattern calculation of a malformed regular expression, an
offset that is used as an array index is fully controlled and can be
large enough so that unexpected heap memory regions are accessed.
One could at least exploit this issue to read objects nearby of the
affected application’s memory.
Such information disclosure may also be used to bypass memory protection
method such as ASLR.
Reference:
https://bugs.exim.org/show\_bug.cgi?id=1651
*(from redmine: issue id 4404, created on 2015-06-29, closed on 2015-08-07)*
* Relations:
* parent #4400
* Changesets:
* Revision 1187799566cb8d6a53722bcb8a2bc5dafe23e80a by Natanael Copa on 2015-07-07T13:43:11Z:
```
main/pcre: various security fixes
CVE-2015-3210
CVE-2015-3217
CVE-2015-5073
fixes #4291
fixes #4404
(cherry picked from commit 77345a923c72d9e8d0a4202d893239ba43b903a3)
```3.2.1Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/4403[v3.1] pcre: heap overflow vulnerability was found in pcre3, in find_fixedlen...2019-07-23T13:51:06ZAlexander Belous[v3.1] pcre: heap overflow vulnerability was found in pcre3, in find_fixedlenght() (CVE-2015-5073)PCRE library is prone to a vulnerability which leads to Heap Overflow.
During subpattern calculation of a malformed regular expression, an
offset that is used as an array index is fully controlled and can be
large enough so that unexpe...PCRE library is prone to a vulnerability which leads to Heap Overflow.
During subpattern calculation of a malformed regular expression, an
offset that is used as an array index is fully controlled and can be
large enough so that unexpected heap memory regions are accessed.
One could at least exploit this issue to read objects nearby of the
affected application’s memory.
Such information disclosure may also be used to bypass memory protection
method such as ASLR.
Reference:
https://bugs.exim.org/show\_bug.cgi?id=1651
*(from redmine: issue id 4403, created on 2015-06-29, closed on 2015-08-07)*
* Relations:
* parent #4400
* Changesets:
* Revision 581f33ed50d0c9dcd82bce7bc8b198d362e3ea10 by Natanael Copa on 2015-08-07T14:42:54Z:
```
main/pcre: various security fixes
CVE-2015-3210
CVE-2015-3217
CVE-2015-5073
fixes #4290
fixes #4403
(cherry picked from commit 77345a923c72d9e8d0a4202d893239ba43b903a3)
Conflicts:
main/pcre/APKBUILD
```3.1.5Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/4402[v3.0] pcre: heap overflow vulnerability was found in pcre3, in find_fixedlen...2019-07-23T13:51:07ZAlexander Belous[v3.0] pcre: heap overflow vulnerability was found in pcre3, in find_fixedlenght() (CVE-2015-5073)PCRE library is prone to a vulnerability which leads to Heap Overflow.
During subpattern calculation of a malformed regular expression, an
offset that is used as an array index is fully controlled and can be
large enough so that unexpe...PCRE library is prone to a vulnerability which leads to Heap Overflow.
During subpattern calculation of a malformed regular expression, an
offset that is used as an array index is fully controlled and can be
large enough so that unexpected heap memory regions are accessed.
One could at least exploit this issue to read objects nearby of the
affected application’s memory.
Such information disclosure may also be used to bypass memory protection
method such as ASLR.
Reference:
https://bugs.exim.org/show\_bug.cgi?id=1651
*(from redmine: issue id 4402, created on 2015-06-29, closed on 2015-08-07)*
* Relations:
* parent #4400
* Changesets:
* Revision 4c80df5bbe4a4fae50293e449e30dd8cb90a298e by Natanael Copa on 2015-08-07T14:47:23Z:
```
main/pcre: various security fixes
CVE-2015-3210
CVE-2015-3217
CVE-2015-5073
fixes #4289
fixes #4402
(cherry picked from commit 77345a923c72d9e8d0a4202d893239ba43b903a3)
Conflicts:
main/pcre/APKBUILD
```3.0.7Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/4401[v2.7] pcre: heap overflow vulnerability was found in pcre3, in find_fixedlen...2019-07-23T13:51:09ZAlexander Belous[v2.7] pcre: heap overflow vulnerability was found in pcre3, in find_fixedlenght() (CVE-2015-5073)PCRE library is prone to a vulnerability which leads to Heap Overflow.
During subpattern calculation of a malformed regular expression, an
offset that is used as an array index is fully controlled and can be
large enough so that unexpe...PCRE library is prone to a vulnerability which leads to Heap Overflow.
During subpattern calculation of a malformed regular expression, an
offset that is used as an array index is fully controlled and can be
large enough so that unexpected heap memory regions are accessed.
One could at least exploit this issue to read objects nearby of the
affected application’s memory.
Such information disclosure may also be used to bypass memory protection
method such as ASLR.
Reference:
https://bugs.exim.org/show\_bug.cgi?id=1651
*(from redmine: issue id 4401, created on 2015-06-29, closed on 2015-08-07)*
* Relations:
* parent #4400
* Changesets:
* Revision b92ff50592e393708ec454dde3030a768d999e6e by Natanael Copa on 2015-08-07T15:06:43Z:
```
main/pcre: security fix for CVE-2015-5073
fixes #4401
```Alpine 2.7.10Natanael CopaNatanael Copa