Opened 3 weeks ago

Closed 11 days ago

#5790 closed enhancement (fixed)

pcre2-10.46

Reported by: Bruce Dubbs
Owned by: lfs-book
Priority: normal
Milestone: 12.5
Component: Book
Version: git
Severity: normal
Keywords:
Cc:

Description

New minor version.

Change History (2)

comment:1 by Bruce Dubbs, 12 days ago

Version 10.46 27-August-2025

This is a security-only release, to address CVE-2025-58050.

Compared to 10.45, this release has only a minimal code change to prevent a read-past-the-end memory error, of arbitrary length. An attacker-controlled regex pattern is required, and it cannot be triggered by providing crafted subject (match) text. The (*ACCEPT) and (*scs:) pattern features must be used together.

Release 10.44 and earlier are not affected.

This could have implications of denial-of-service or information disclosure, and could potentially be used to escalate other vulnerabilities in a system (such as information disclosure being used to escalate the severity of an unrelated bug in another system).

comment:2 by Bruce Dubbs, 11 days ago

Resolution: fixed
Status: new → closed

Fixed at commit df4169523d:

Update to vim-9.1.1754.
Update to iana-etc-20250826.
Update to tcl8.6.17.
Update to pcre2-10.46.
Update to meson-1.9.0.
Update to linux-6.16.7.
Update to kbd-2.9.0.