281871e6b0
Fixes CVE-2019-13224: A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte encoding that gets handled by onig_new_deluxe(). Fixes CVE-2019-13225: A NULL Pointer Dereference in match_at() in regexec.c in Oniguruma 6.9.2 allows attackers to potentially cause denial of service by providing a crafted regular expression. Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
4 lines
200 B
Plaintext
4 lines
200 B
Plaintext
# Locally calculated
|
|
sha256 dc6dec742941e24b761cea1b9a2f12e750879107ae69fd80ae1046459d4fb1db oniguruma-6.9.3.tar.gz
|
|
sha256 ae266a1ad1c2ef50baf14a1a2993e926cd46d09c6cc8b0b3a8498e44da2746b8 COPYING
|