Fabrice Fontaine 9cc3d45781 package/oniguruma: security bump to version 6.9.3 ...

Fixes CVE-2019-13224: A use-after-free in onig_new_deluxe() in regext.c
in Oniguruma 6.9.2 allows attackers to potentially cause information
disclosure, denial of service, or possibly code execution by providing a
crafted regular expression. The attacker provides a pair of a regex
pattern and a string, with a multi-byte encoding that gets handled by
onig_new_deluxe().

Fixes CVE-2019-13225: A NULL Pointer Dereference in match_at() in
regexec.c in Oniguruma 6.9.2 allows attackers to potentially cause
denial of service by providing a crafted regular expression.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 281871e6b0)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

2019-09-02 12:32:39 +02:00

..

Config.in

…

oniguruma.hash

package/oniguruma: security bump to version 6.9.3

2019-09-02 12:32:39 +02:00

oniguruma.mk

package/oniguruma: security bump to version 6.9.3

2019-09-02 12:32:39 +02:00