Bug 20546

Summary: pcre2 new security issues CVE-2017-7186 and CVE-2017-8786
Product: Mageia Reporter: David Walser <luigiwalser>
Component: Security Assignee: Olav Vitters <olav>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: mageia, marja11
Version: Cauldron   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: pcre2-10.23-1.mga6.src.rpm CVE: CVE-2017-7186
Status comment:

Description David Walser 2017-03-21 00:49:57 CET
A security issue fixed upstream in pcre2 has been announced:
http://openwall.com/lists/oss-security/2017/03/20/4

The commits that fixed the issue are linked in the message above and the fix will be included in 10.24.

Comment 1 Marja Van Waes 2017-03-21 07:46:14 CET
Assigning to the registered maintainer.

CC: (none) => marja11
Assignee: bugsquad => olav

Comment 2 David Walser 2017-04-23 00:25:24 CEST
Fedora has issued an advisory for CVE-2017-7186 on April 21:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/TQ6PIE4TXTZQP7KMWCXA4KI6BZQOGEPM/

Nicolas Lécureuil 2017-04-25 16:40:51 CEST

CVE: (none) => CVE-2017-7186
CC: (none) => mageia

Comment 3 Nicolas Lécureuil 2017-04-25 16:44:22 CEST
Fixed in cauldron

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Comment 4 David Walser 2017-05-07 18:04:04 CEST
pcre2-10.23-Previous-patch-was-not-quite-complete.patch added in this update fixed CVE-2017-8786:
http://openwall.com/lists/oss-security/2017/05/07/1

Summary: pcre2 new security issue CVE-2017-7186 => pcre2 new security issues CVE-2017-7186 and CVE-2017-8786