Your message dated Thu, 28 Aug 2025 22:17:09 +0000
with message-id <[email protected]>
and subject line Bug#1112278: fixed in pcre2 10.46-1~deb13u1
has caused the Debian Bug report #1112278,
regarding pcre2: CVE-2025-58050
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1112278: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112278
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
package: src:pcre2
version: 10.45-1
tags: security upstream trixie forky

PCRE upstream released 10.46 yesterday to fix CVE-2025-58050 - https://github.com/PCRE2Project/pcre2/releases/tag/pcre2-10.46

Quoting the release note:

"
This is a security-only release, to address CVE-2025-58050.

Compared to 10.45, this release has only a minimal code change to prevent a read-past-the-end memory error, of arbitrary length. An attacker-controlled regex pattern is required, and it cannot be triggered by providing crafted subject (match) text. The (*ACCEPT) and (*scs:) pattern features must be used together.

Release 10.44 and earlier are not affected.

This could have implications of denial-of-service or information disclosure, and could potentially be used to escalate other vulnerabilities in a system (such as information disclosure being used to escalate the severity of an unrelated bug in another system).
"

So trixie (10.45-1) and forky/unstable are vulnerable, but not older releases.

Regards,

Matthew

--- End Message ---
--- Begin Message ---
Source: pcre2
Source-Version: 10.46-1~deb13u1
Done: Matthew Vernon <[email protected]>

We believe that the bug you reported is fixed in the latest version of
pcre2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Matthew Vernon <[email protected]> (supplier of updated pcre2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 28 Aug 2025 08:43:18 +0100
Source: pcre2
Architecture: source
Version: 10.46-1~deb13u1
Distribution: trixie
Urgency: high
Maintainer: Matthew Vernon <[email protected]>
Changed-By: Matthew Vernon <[email protected]>
Closes: 1112278
Changes:
 pcre2 (10.46-1~deb13u1) trixie; urgency=high
 .
   * New upstream release to fix CVE-2025-58050 (Closes: #1112278)
Checksums-Sha1:
 70d60f3aaff0248e6a87f836a5fac291e0d57536 2377 pcre2_10.46-1~deb13u1.dsc
 73a5b15c4204a8788040848fb85faf37f3017fc7 8729 pcre2_10.46-1~deb13u1.diff.gz
Checksums-Sha256:
 15fd556b0182dac4decee5408ab4908654bb6a7f2002774a46e908c1ec7937b8 2377 pcre2_10.46-1~deb13u1.dsc
 b1e614d7d31b26314754c563079b6e8400e50fe7a35d21cc0945f41c45965c45 8729 pcre2_10.46-1~deb13u1.diff.gz
Files:
 dcece146539c4ee98eae46abd48f821b 2377 libs optional pcre2_10.46-1~deb13u1.dsc
 9acc7ceefea744ef71017ea7f328ee9d 8729 libs optional pcre2_10.46-1~deb13u1.diff.gz

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----


--- End Message ---
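
The affected range given in this thread (10.45 up to, but not including, the fixed trixie upload 10.46-1~deb13u1), written as a version check for a package inventory. This is an added example, not part of the original messages or of Debian's tooling: the host names, sample inventory and function names are constructed, and the ordering is a Python re-implementation of dpkg's version comparison, where "~" sorts before the end of the string.

```python
import re

FIRST_AFFECTED = "10.45"           # per the release note: 10.44 and earlier are not affected
FIXED_TRIXIE = "10.46-1~deb13u1"   # Source-Version from the closing message


def _part_key(part):
    """Sort key for an upstream or revision string, following dpkg ordering."""
    def weight(ch):
        if ch == "~":
            return -1                          # tilde sorts before everything, even end
        return ord(ch) if ch.isalpha() else ord(ch) + 256
    # Alternating (non-digit run, digit run) pairs; the final empty match that
    # findall() yields acts as an end-of-string sentinel with weight 0.
    return [(tuple(weight(c) for c in text) + (0,), int(num or 0))
            for text, num in re.findall(r"([^0-9]*)([0-9]*)", part)]


def deb_key(version):
    """Split [epoch:]upstream[-revision] and return a comparable key."""
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, "0"         # absent revision is equivalent to 0
    return (int(epoch), _part_key(upstream), _part_key(revision))


def is_affected(version):
    """True if a pcre2 package version falls in the range named in this thread."""
    return deb_key(FIRST_AFFECTED) <= deb_key(version) < deb_key(FIXED_TRIXIE)


def triage(inventory):
    """Return the hosts whose installed pcre2 version is still affected."""
    return sorted(host for host, ver in inventory.items() if is_affected(ver))


# Constructed sample inventory (host names and the older versions are made up).
SAMPLE = {
    "host-a": "10.45-1",            # trixie before the fix
    "host-b": "10.46-1~deb13u1",    # fixed trixie upload
    "host-c": "10.42-1",            # older upstream release
    "host-d": "10.46-1",            # sorts after 10.46-1~deb13u1
}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A plain string comparison would sort 10.46-1~deb13u1 after 10.46-1; the tilde rule is what places the stable backport before it.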