* SECURITY UPDATE: fix denial-of-service bug in compiler (LP: #1977694)
- debian/patches/CVE-2022-24713-pre.patch: support empty patterns
in src/compile.rs.
- debian/patches/CVE-2022-24713-pre2.patch: account for Unicode
class size in regex compilation error in src/compile.rs.
- debian/patches/CVE-2022-24713.patch: adding a fake amount of
memory every time we compile an empty sub-expression in
src/compile.rs.
- CVE-2022-24713
-- David Fernandez Gonzalez <email address hidden> Tue, 21 Jun 2022 09:14:36 -0500
This bug was fixed in the package rust-regex - 1.2.1-3ubuntu0.1
---------------
rust-regex (1.2.1-3ubuntu0.1) focal-security; urgency=medium
* SECURITY UPDATE: fix denial-of-service bug in compiler (LP: #1977694) patches/ CVE-2022- 24713-pre. patch: support empty patterns patches/ CVE-2022- 24713-pre2. patch: account for Unicode patches/ CVE-2022- 24713.patch: adding a fake amount of
- debian/
in src/compile.rs.
- debian/
class size in regex compilation error in src/compile.rs.
- debian/
memory every time we compile an empty sub-expression in
src/compile.rs.
- CVE-2022-24713
-- David Fernandez Gonzalez <email address hidden> Tue, 21 Jun 2022 09:14:36 -0500