Source: libonig Version: 6.9.2-1 Severity: important Tags: security upstream Control: found -1 6.9.1-1 Control: found -1 6.1.3-2
Hi, The following vulnerability was published for libonig. CVE-2019-19246[0]: | Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has | a heap-based buffer over-read in str_lower_case_match in regexec.c. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2019-19246 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19246 [1] https://bugs.php.net/bug.php?id=78559 [2] https://github.com/kkos/oniguruma/commit/d3e402928b6eb3327f8f7d59a9edfa622fec557b Regards, Salvatore
