mirror of
https://git.yoctoproject.org/poky
synced 2026-02-13 20:23:04 +01:00
7273f1183f
* CVE-2018-6798-1 The proximal cause is several instances in regexec.c of the code assuming that the input was valid UTF-8, whereas the input was too short for what the start byte claimed it would be. I grepped through the core for any other similar uses, and did not find any. (cherry picked from commit fe7d8ba0a1bf567af8fa8fea128e2b9f4c553e84) * CVE-2018-6798-2 The first patch for 132063 prevented the buffer read overflow when dumping the warning but didn't fix the underlying problem. The next change treats the supplied buffer correctly, preventing the non-UTF-8 SV from being treated as UTF-8, preventing the warning. (cherry picked from commit 1e8b61488f195e1396aa801c685340b156104f4f) Affects perl >= 5.22 && perl <= 5.26 (From OE-Core rev: 4aaf09b9d657b1c2df85bf509008beacd6a00342) Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>