Accepted libonig 5.9.5-3.2+deb8u4 (source amd64) into oldoldstable

To: dispatch@tracker.debian.org, debian-lts-changes@lists.debian.org
Subject: Accepted libonig 5.9.5-3.2+deb8u4 (source amd64) into oldoldstable
From: Sylvain Beucler <beuc@debian.org>
Date: Wed, 04 Dec 2019 10:40:16 +0000
Message-id: <[🔎] E1icS4u-0005zA-8P@seger.debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 03 Dec 2019 18:38:09 +0100
Source: libonig
Binary: libonig2 libonig2-dbg libonig-dev
Architecture: source amd64
Version: 5.9.5-3.2+deb8u4
Distribution: jessie-security
Urgency: high
Maintainer: Jörg Frings-Fürst <debian@jff-webhosting.net>
Changed-By: Sylvain Beucler <beuc@debian.org>
Description:
 libonig-dev - Development files for libonig2
 libonig2   - Oniguruma regular expressions library
 libonig2-dbg - Debugging symbols for libonig2
Changes:
 libonig (5.9.5-3.2+deb8u4) jessie-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * CVE-2019-19012: an integer overflow in the search_in_range
     function in regexec.c leads to an out-of-bounds read, in which the
     offset of this read is under the control of an attacker. (This
     only affects the 32-bit compiled version). Remote attackers can
     cause a denial-of-service or information disclosure, or possibly
     have unspecified other impact, via a crafted regular expression.
   * CVE-2019-19204: in the function fetch_range_quantifier in
     regparse.c, PFETCH is called without checking PEND. This leads to
     a heap-based buffer over-read
   * CVE-2019-19246: heap-based buffer over-read in
     str_lower_case_match in regexec.c.
Checksums-Sha1:
 73ae5deda6229c4e9e50d219db62a14beebb3d78 1559 libonig_5.9.5-3.2+deb8u4.dsc
 91e8c5d98194446c836001e9cf2a7fedf9b4601e 12608 libonig_5.9.5-3.2+deb8u4.debian.tar.xz
 7ba540e399c0c3cb7cf65b9cf200ed6c2f26b165 118820 libonig2_5.9.5-3.2+deb8u4_amd64.deb
 10a04f9185fb12265cf533663de833569446ec91 201592 libonig2-dbg_5.9.5-3.2+deb8u4_amd64.deb
 cd6fd6d5646336f4f967911bef56171058fb97cc 79942 libonig-dev_5.9.5-3.2+deb8u4_amd64.deb
Checksums-Sha256:
 05c964d73562361412d072b41b2c2c09b0a39a2cd781bf8da6af5df62ea8d7a5 1559 libonig_5.9.5-3.2+deb8u4.dsc
 19b36a1d0c72a8f8c4428b020435ca6d9e710ba93cc9767525c6d67c33b245f2 12608 libonig_5.9.5-3.2+deb8u4.debian.tar.xz
 95cb0627bec3f0b43fa681820d8b42b6ae7ccdb911d0d19b28bfa9ede1371b01 118820 libonig2_5.9.5-3.2+deb8u4_amd64.deb
 0c7ec97b9761627bbc72dc2cceebed01dc29f8a0918fde9a35c5b9817da9ec85 201592 libonig2-dbg_5.9.5-3.2+deb8u4_amd64.deb
 abb57e0389fb3e908af947295b8a1c7fbc429aa3621890e5f51430d50c891d72 79942 libonig-dev_5.9.5-3.2+deb8u4_amd64.deb
Files:
 2b22942a4be443ae2402bd8d339673b9 1559 libs extra libonig_5.9.5-3.2+deb8u4.dsc
 c1a9b6940893391a4cd957ec5dabd148 12608 libs extra libonig_5.9.5-3.2+deb8u4.debian.tar.xz
 929ef4b5fa6ec957317046eab3702bc3 118820 libs optional libonig2_5.9.5-3.2+deb8u4_amd64.deb
 a0a265f3db8a0514526082876fd7b3b7 201592 debug extra libonig2-dbg_5.9.5-3.2+deb8u4_amd64.deb
 cb1a259f74996d31aa994fff666e15d7 79942 libdevel optional libonig-dev_5.9.5-3.2+deb8u4_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEEQic8GuN/xDR88HkSj/HLbo2JBZ8FAl3nidcACgkQj/HLbo2J
BZ/+MAf+P03AThQrWKe6T6vtWLVaedVlZHznwgXgKSTNrXZlr5n96rMX+/Z+QMC0
CbmsjpUKbivg1SofF/xS78cCROIJFLVgJP0ltUpQHO94dqKNUY2jnndQSg8AvxIH
nRSGIukQF6bUm5eJJ6FfAAAsYl38gqZxtLG1HOOJxO+a5ePsHghxuKG0hJpdl5xT
Z16mKQ4kkhihI+3SFC6xt/3bZm84V8jrHkjlEA9WArwhRk327F+Uo5je3EjbhSZ7
Af20e0rLtxGTJBqhPSdKMhYFzJeYSEOXN8YTZxGXV6V7KeGlY/erYQwP8KTWtC7f
qgDnGnqhCwx+NTjTz+BqwgH+1FwfGw==
=qAWu
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: Accepted exiv2 0.24-4.1+deb8u5 (source amd64 all) into oldoldstable
Next by Date: Accepted libav 6:11.12-1~deb8u9 (source all amd64) into oldoldstable
Previous by thread: Accepted exiv2 0.24-4.1+deb8u5 (source amd64 all) into oldoldstable
Next by thread: Accepted libav 6:11.12-1~deb8u9 (source all amd64) into oldoldstable
Index(es):
- Date
- Thread