Source: libonig Version: 6.9.5-2 Severity: important Tags: security upstream Forwarded: https://github.com/kkos/oniguruma/issues/207 X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi, The following vulnerability was published for libonig. CVE-2020-26159[0]: | In Oniguruma 6.9.5_rev1, an attacker able to supply a regular | expression for compilation may be able to overflow a buffer by one | byte in concat_opt_exact_str in src/regcomp.c . If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2020-26159 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26159 [1] https://github.com/kkos/oniguruma/issues/207 [2] https://github.com/kkos/oniguruma/commit/cbe9f8bd9cfc6c3c87a60fbae58fa1a85db59df0 Please adjust the affected versions in the BTS as needed. Regards, Salvatore