[SECURITY] [DLA 1918-1] libonig security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1918-1] libonig security update
From: Sylvain Beucler <beuc@beuc.net>
Date: Thu, 12 Sep 2019 11:48:11 +0200
Message-id: <[🔎] 20190912094811.amtjchenirr5c7hp@mail.beuc.net>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : libonig
Version        : 5.9.5-3.2+deb8u3
CVE ID         : CVE-2019-16163
Debian Bug     : 939988


The Oniguruma regular expressions library, notably used in PHP
mbstring, is vulnerable to stack exhaustion.  A crafted regular
expression can crash the process.

For Debian 8 "Jessie", this problem has been fixed in version
5.9.5-3.2+deb8u3.

We recommend that you upgrade your libonig packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEEQic8GuN/xDR88HkSj/HLbo2JBZ8FAl16EwoACgkQj/HLbo2J
BZ+eJgf+OU8NBd0fwtVEmF2UgU66npBCYlsoO62ZVFXg3NuDo37+c5VKaw8JLxA5
q4/TageYMoBPDOAxb3aMaizPPW3Tcon4eFHaZ1rV6l/4rWTB7jp8ru+BwsdObIoz
TIq4zGXlsYmMTC3S+u8UH1rsYkAANB5q5+Vy85BKuG8HOyxwassxgjmgW1quGfJ/
u8XB6unxSp/SzqZxH5+UFBu2dssP4o1GyNAZjcpf9naTiriyMk/AO1RU+tucRHMo
6USE5gNzFhoCiSQZRzjff2cYqd/88w/AsKq8G2gV1rAs1A0qcXSemFxA9iwD9q4A
39zRUUYSqosIBnv5aeOykQ2YQBVvnA==
=oiDK
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 1916-1] opensc security update
Next by Date: [SECURITY] [DLA 1920-1] golang-go.crypto security update
Previous by thread: [SECURITY] [DLA 1916-1] opensc security update
Next by thread: [SECURITY] [DLA 1920-1] golang-go.crypto security update
Index(es):
- Date
- Thread