Alien-PCRE2 0.004000
Security Advisories
CVE-2019-20454
An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. The flaw occurs in do_extuni_no_utf in pcre2_jit_compile.c.
- https://bugs.php.net/bug.php?id=78338
- https://bugs.exim.org/show_bug.cgi?id=2421
- https://bugzilla.redhat.com/show_bug.cgi?id=1735494
- https://vcs.pcre.org/pcre2?view=revision&revision=1092
- https://security.gentoo.org/glsa/202006-16
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQRAHYHLRNMBTPR3KXVM27NSZP3KTOPI/
Fixed version: >=0.016000
Severity: high
Reported: 2020-02-14
Kwalitee Issues
No Core Issues.
- meta_yml_declares_perl_version
-
If you are using Build.PL define the {requires}{perl} = VERSION field. If you are using MakeMaker (Makefile.PL) you should upgrade ExtUtils::MakeMaker to 6.48 and use MIN_PERL_VERSION parameter. Perl::MinimumVersion can help you determine which version of Perl your module needs.
- meta_yml_has_provides
-
Add all modules contained in this distribution to the META.yml field 'provides'. Module::Build or Dist::Zilla::Plugin::MetaProvides do this automatically for you.
- has_separate_license_file
-
This is not a critical issue. Currently mainly informative for the CPANTS authors. It might be removed later.
Modules
Name | Abstract | Version | View |
---|---|---|---|
Alien::PCRE2 | Find or download/build/install libpcre2 in PCRE2, the new Perl Compatible Regular Expression engine | 0.004000 | metacpan |