Opened 3 weeks ago
Closed 11 days ago
#5790 closed enhancement (fixed)
pcre2-10.46
| Reported by: | Bruce Dubbs | Owned by: | lfs-book |
|---|---|---|---|
| Priority: | normal | Milestone: | 12.5 |
| Component: | Book | Version: | git |
| Severity: | normal | Keywords: | |
| Cc: |
Description
New minor version.
Change History (2)
comment:1 by , 12 days ago
comment:2 by , 11 days ago
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
Fixed at commit df4169523d:
Update to vim-9.1.1754. Update to iana-etc-20250826. Update to tcl8.6.17. Update to pcre2-10.46. Update to meson-1.9.0. Update to linux-6.16.7. Update to kbd-2.9.0.
Note:
See TracTickets
for help on using tickets.
Version 10.46 27-August-2025
This is a security-only release, to address CVE-2025-58050.
Compared to 10.45, this release has only a minimal code change to prevent a read-past-the-end memory error, of arbitrary length. An attacker-controlled regex pattern is required, and it cannot be triggered by providing crafted subject (match) text. The (*ACCEPT) and (*scs:) pattern features must be used together.
Release 10.44 and earlier are not affected.
This could have implications of denial-of-service or information disclosure, and could potentially be used to escalate other vulnerabilities in a system (such as information disclosure being used to escalate the severity of an unrelated bug in another system).