On Tue, May 31, 2022 at 10:29 AM Davide Gardenal <[email protected]> wrote: > > After a bit of research I found out that the commit that fixes CVE-2022-1587 > (https://github.com/PCRE2Project/pcre2/commit/03654e751e7f0700693526b67dfcadda6b42c9d0) > is not directly applicable to .39, it needs a compiler update > (https://github.com/PCRE2Project/pcre2/commit/dea56d2df94546c23021a42d9395f2333589f01e), > this is a very substantial update. Looking at Fedora and Debian they updated > the .40 too. >
I've have had a look at the JIT update, the commit list for .40. The JIT update contains something that looks like fixes around types and their sizes, among other things. Because of that I would suggest to bump the version here to stay on the safe side. Regards, Marta
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#166307): https://lists.openembedded.org/g/openembedded-core/message/166307 Mute This Topic: https://lists.openembedded.org/mt/91447368/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
