Your message dated Thu, 28 Aug 2025 07:49:41 +0000
with message-id <[email protected]>
and subject line Bug#1112278: fixed in pcre2 10.46-1
has caused the Debian Bug report #1112278,
regarding pcre2: CVE-2025-58050
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1112278: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112278
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
package: src:pcre2
version: 10.45-1
tags: security upstream trixie forky

PCRE upstream released 10.46 yesterday to fix CVE-2025-58050 - https://github.com/PCRE2Project/pcre2/releases/tag/pcre2-10.46

Quoting the release note:

"
This is a security-only release, to address CVE-2025-58050.

Compared to 10.45, this release has only a minimal code change to prevent a read-past-the-end memory error, of arbitrary length. An attacker-controlled regex pattern is required, and it cannot be triggered by providing crafted subject (match) text. The (*ACCEPT) and (*scs:) pattern features must be used together.

Release 10.44 and earlier are not affected.

This could have implications of denial-of-service or information disclosure, and could potentially be used to escalate other vulnerabilities in a system (such as information disclosure being used to escalate the severity of an unrelated bug in another system).
"

So trixie (10.45-1) and forky/unstable are vulnerable, but not older releases.

Regards,

Matthew

--- End Message ---
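An added example, not part of the bug report and not PCRE2 or Debian code: a conservative pre-screen for services that pass untrusted patterns to PCRE2, built from the conditions in the quoted release note (10.45 only, both features used together). The function names, the "(*scan_substring:" long spelling (taken from the PCRE2 pattern documentation, not from this page) and the sample strings are assumptions; the samples are constructed fragments, not complete patterns.

```python
import re

# Upstream releases affected per the quoted release note: 10.45 only
# (10.44 and earlier are not affected; 10.46 carries the fix).
AFFECTED_UPSTREAM = {(10, 45)}

# Textual markers for the two features that must be combined. Matching is
# case-insensitive and ignores escaping, so it errs toward rejecting.
# "(*scan_substring:" is assumed to be the long spelling of "(*scs:".
ACCEPT_RE = re.compile(r"\(\*ACCEPT[:)]", re.IGNORECASE)
SCS_RE = re.compile(r"\(\*(?:scs|scan_substring):", re.IGNORECASE)


def upstream_version(version):
    """Return (major, minor) from '10.45', '10.45-1' or '1:10.45-1+b1'."""
    m = re.match(r"(?:\d+:)?(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised PCRE2 version: {version!r}")
    return int(m.group(1)), int(m.group(2))


def is_affected(version):
    """True if this upstream or Debian package version is the affected release."""
    return upstream_version(version) in AFFECTED_UPSTREAM


def uses_both_features(pattern):
    """True if the pattern text mentions both (*ACCEPT) and (*scs:...)."""
    return bool(ACCEPT_RE.search(pattern) and SCS_RE.search(pattern))


def screen_untrusted_pattern(pattern, pcre2_version):
    """Return (allowed, reason) for an untrusted pattern on a given PCRE2."""
    if not is_affected(pcre2_version):
        return True, "library version not affected"
    if uses_both_features(pattern):
        return False, "combines (*ACCEPT) and (*scs:) on affected PCRE2"
    return True, "pattern does not combine the two features"


if __name__ == "__main__":
    # Constructed fragments, checked against the trixie and fixed versions.
    for ver in ("10.45-1", "10.46-1"):
        for frag in ("x(*ACCEPT)y(*scs:", "a(*ACCEPT)b"):
            print(ver, repr(frag), screen_untrusted_pattern(frag, ver))
```

The screen is a stopgap for hosts that cannot yet take 10.46-1; upgrading the library removes the need for it.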
--- Begin Message ---
Source: pcre2
Source-Version: 10.46-1
Done: Matthew Vernon <[email protected]>

We believe that the bug you reported is fixed in the latest version of
pcre2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Matthew Vernon <[email protected]> (supplier of updated pcre2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 28 Aug 2025 08:32:30 +0100
Source: pcre2
Architecture: source
Version: 10.46-1
Distribution: unstable
Urgency: high
Maintainer: Matthew Vernon <[email protected]>
Changed-By: Matthew Vernon <[email protected]>
Closes: 1112278
Changes:
 pcre2 (10.46-1) unstable; urgency=high
 .
   * New upstream release to fix CVE-2025-58050 (Closes: #1112278)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----



--- End Message ---
