[Buildroot] [PATCH] package/pcre2: security bump to version 10.46
Thomas Perale
thomas.perale at mind.be
Fri Sep 19 12:56:32 UTC 2025
In reply to:
> Fixes the following security issue:
>
> - CVE-2025-58050: PCRE2: heap-buffer-overflow read in match_ref due to
> missing boundary restoration in SCS
>
> Compared to 10.45, this release has only a minimal code change to prevent a
> read-past-the-end memory error, of arbitrary length. An attacker-controlled
> regex pattern is required, and it cannot be triggered by providing crafted
> subject (match) text. The (*ACCEPT) and (*scs:) pattern features must be
> used together.
>
> Release 10.44 and earlier are not affected.
>
> https://github.com/PCRE2Project/pcre2/security/advisories/GHSA-c2gv-xgf5-5cc2
>
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
Applied to 2025.02.x, 2025.05.x & 2025.08.x. Thanks
> ---
> package/pcre2/pcre2.hash | 4 ++--
> package/pcre2/pcre2.mk | 2 +-
> 2 files changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/package/pcre2/pcre2.hash b/package/pcre2/pcre2.hash
> index 35b87ad854..bd2422d991 100644
> --- a/package/pcre2/pcre2.hash
> +++ b/package/pcre2/pcre2.hash
> @@ -1,5 +1,5 @@
> # Locally calculated after checking pgp signature:
> -# https://github.com/PhilipHazel/pcre2/releases/download/pcre2-10.45/pcre2-10.45.tar.bz2.sig
> -sha256 21547f3516120c75597e5b30a992e27a592a31950b5140e7b8bfde3f192033c4 pcre2-10.45.tar.bz2
> +# https://github.com/PhilipHazel/pcre2/releases/download/pcre2-10.46/pcre2-10.46.tar.bz2.sig
> +sha256 15fbc5aba6beee0b17aecb04602ae39432393aba1ebd8e39b7cabf7db883299f pcre2-10.46.tar.bz2
> # Locally computed
> sha256 9cf7ac6976099a1d856826d3ef1b093bd6b84489dc6100628ac79e740cf9885a LICENCE.md
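Review bot: the signature comment in pcre2.hash still points at github.com/PhilipHazel/pcre2, while PCRE2_SITE in pcre2.mk downloads from github.com/PCRE2Project/pcre2. Suggest updating the comment URL to the PCRE2Project path, so that the documented .sig location matches where the tarball is fetched and the next person bumping the package verifies the signature against the same source.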
> diff --git a/package/pcre2/pcre2.mk b/package/pcre2/pcre2.mk
> index 6d2b729dfe..1d0a3b845f 100644
> --- a/package/pcre2/pcre2.mk
> +++ b/package/pcre2/pcre2.mk
> @@ -4,7 +4,7 @@
> #
> ################################################################################
>
> -PCRE2_VERSION = 10.45
> +PCRE2_VERSION = 10.46
> PCRE2_SITE = https://github.com/PCRE2Project/pcre2/releases/download/pcre2-$(PCRE2_VERSION)
> PCRE2_SOURCE = pcre2-$(PCRE2_VERSION).tar.bz2
> PCRE2_LICENSE = BSD-3-Clause
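Review bot: at `PCRE2_VERSION = 10.46`, the commit message states that release 10.44 and earlier are not affected, so this is a security fix only on branches that currently carry 10.45. Worth confirming the packaged version on each stable branch before backporting; on a branch that carries an older release, the change is a plain version update rather than a CVE fix.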
> --
> 2.39.5
>