Control: tags -1 + patch Hi
Attached would be the proposed debdiff for a NMU in case needed (I will use in any case a delayed queue if I upload). Let me know if you would appreciate the NMU or prefer to do the upload on your own if you agree. Regards, Salvatore
diff -Nru pcre3-8.39/debian/changelog pcre3-8.39/debian/changelog --- pcre3-8.39/debian/changelog 2016-08-19 10:04:15.000000000 +0200 +++ pcre3-8.39/debian/changelog 2017-02-17 15:56:09.000000000 +0100 @@ -1,3 +1,11 @@ +pcre3 (2:8.39-2.1) unstable; urgency=high + + * Non-maintainer upload. + * CVE-2017-6004: crafted regular expression may cause denial of service + (Closes: #855405) + + -- Salvatore Bonaccorso <car...@debian.org> Fri, 17 Feb 2017 15:56:09 +0100 + pcre3 (2:8.39-2) unstable; urgency=low * Update symbols file to reflect compilation with gcc6 (Closes: #811969) diff -Nru pcre3-8.39/debian/patches/CVE-2017-6004.patch pcre3-8.39/debian/patches/CVE-2017-6004.patch --- pcre3-8.39/debian/patches/CVE-2017-6004.patch 1970-01-01 01:00:00.000000000 +0100 +++ pcre3-8.39/debian/patches/CVE-2017-6004.patch 2017-02-17 15:56:09.000000000 +0100 @@ -0,0 +1,19 @@ +Description: CVE-2017-6004: crafted regular expression may cause denial of service +Origin: upstream, https://vcs.pcre.org/pcre/code/trunk/pcre_jit_compile.c?r1=1676&r2=1680&view=patch +Bug: https://bugs.exim.org/show_bug.cgi?id=2035 +Bug-Debian: https://bugs.debian.org/855405 +Forwarded: not-needed +Author: Salvatore Bonaccorso <car...@debian.org> +Last-Update: 2017-02-17 + +--- a/pcre_jit_compile.c ++++ b/pcre_jit_compile.c +@@ -8111,7 +8111,7 @@ if (opcode == OP_COND || opcode == OP_SC + + if (*matchingpath == OP_FAIL) + stacksize = 0; +- if (*matchingpath == OP_RREF) ++ else if (*matchingpath == OP_RREF) + { + stacksize = GET2(matchingpath, 1); + if (common->currententry == NULL) diff -Nru pcre3-8.39/debian/patches/series pcre3-8.39/debian/patches/series --- pcre3-8.39/debian/patches/series 2016-07-28 17:43:57.000000000 +0200 +++ pcre3-8.39/debian/patches/series 2017-02-17 15:56:09.000000000 +0100 @@ -5,3 +5,4 @@ soname.patch no_jit_x32_powerpcspe.patch Disable_JIT_on_sparc64.patch +CVE-2017-6004.patch