Fedora Legacy Test Update Notification: pcre

Marc Deslauriers marcdeslauriers at videotron.ca
Sun Feb 26 16:11:55 UTC 2006 

---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2006-168516
Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=168516
2006-02-26
---------------------------------------------------------------------

Name        : pcre
Versions    : rh73: pcre-3.9-2.1.legacy
Versions    : rh9: pcre-3.9-10.1.legacy
Versions    : fc1: pcre-4.4-1.2.legacy
Versions    : fc2: pcre-4.5-2.2.legacy
Summary     : Perl-compatible regular expression library.
Description :
Perl-compatible regular expression library. PCRE has its own native
API, but a set of "wrapper" functions that are based on the POSIX API
are also supplied in the library libpcreposix. Note that this just
provides a POSIX calling interface to PCRE; the regular expressions
themselves still follow Perl syntax and semantics. The header file for
the POSIX-style functions is called pcreposix.h.

---------------------------------------------------------------------
Update Information:

Updated pcre packages are now available to correct a security issue.

PCRE is a Perl-compatible regular expression library.

An integer overflow flaw was found in PCRE, triggered by a maliciously
crafted regular expression. On systems that accept arbitrary regular
expressions from untrusted users, this could be exploited to execute
arbitrary code with the privileges of the application using the library.
The Common Vulnerabilities and Exposures project assigned the name
CVE-2005-2491 to this issue.

Users should update to these erratum packages that contain a backported
patch to correct this issue.

---------------------------------------------------------------------
Changelogs

rh73:
* Fri Oct 28 2005 Leonard den Ottolander <leonard agromisa org>
3.9-2.1.legacy
- Fix CAN-2005-2491

rh9:
* Sun Feb 19 2006 Marc Deslauriers <marcdeslauriers at videotron.ca>
3.9-10.1.legacy
- Added patch for CVE-2005-2491

fc1:
* Sat Feb 25 2006 Marc Deslauriers <marcdeslauriers at videotron.ca>
4.4-1.2.legacy
- Added pcre-devel to BuildPrereq

* Sun Feb 19 2006 Marc Deslauriers <marcdeslauriers at videotron.ca>
4.4-1.1.legacy
- Added patch for CVE-2005-2491

fc2:
* Sat Feb 25 2006 Marc Deslauriers <marcdeslauriers at videotron.ca>
4.5-2.2.legacy
- Added pcre-devel to BuildPrereq

* Mon Feb 20 2006 Marc Deslauriers <marcdeslauriers at videotron.ca>
4.5-2.1.legacy
- Added patch for CVE-2005-2491

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)

rh73:
9b641aa989639c706065bafc146d34bb6e282a22
redhat/7.3/updates-testing/i386/pcre-3.9-2.1.legacy.i386.rpm
7d8b094083c7a85991d194d6741a0a664204a19d
redhat/7.3/updates-testing/i386/pcre-devel-3.9-2.1.legacy.i386.rpm
9a49145385042483532254fb5d05fae6c3f252f3
redhat/7.3/updates-testing/SRPMS/pcre-3.9-2.1.legacy.src.rpm

rh9:
d876a7f4cdb3a936b2f72fb629fae928d3db6e96
redhat/9/updates-testing/i386/pcre-3.9-10.1.legacy.i386.rpm
9e516b5e44944b25a47171b15c0229423b10f99d
redhat/9/updates-testing/i386/pcre-devel-3.9-10.1.legacy.i386.rpm
55de51292b97aacbad6c375b4ad8578561ac5fe3
redhat/9/updates-testing/SRPMS/pcre-3.9-10.1.legacy.src.rpm

fc1:
4edc206f1e0fc0c3df459b6f8de289f27417974b
fedora/1/updates-testing/i386/pcre-4.4-1.2.legacy.i386.rpm
0fcc5801dc238bb1fac0d59b8403e6cdcc72f126
fedora/1/updates-testing/i386/pcre-devel-4.4-1.2.legacy.i386.rpm
57b3a2c5c2bb3435d3c7971daf29c665fb2c1687
fedora/1/updates-testing/SRPMS/pcre-4.4-1.2.legacy.src.rpm

fc2:
bff4b330e8c9a76262020c7ddb2b48f71bf01788
fedora/2/updates-testing/i386/pcre-4.5-2.2.legacy.i386.rpm
8354926500e18905dd94dddc1e6bf44cd236df68
fedora/2/updates-testing/i386/pcre-devel-4.5-2.2.legacy.i386.rpm
9f43e7d484412d93734dfe4b08f87d2ef133100a
fedora/2/updates-testing/SRPMS/pcre-4.5-2.2.legacy.src.rpm

---------------------------------------------------------------------

Please test and comment in bugzilla.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 191 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/fedora-legacy-list/attachments/20060226/787d1e54/attachment.sig>

More information about the fedora-legacy-list mailing list