| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| 01-agrep-is-called-tre-agrep-here.patch | agrep is called tre-agrep here | Santiago Vila <sanvila@debian.org> | no | |||
| 02-added-de-po-translation.patch | Added de.po translation | Santiago Vila <sanvila@debian.org> | no | debian | ||
| 03-cve-2016-8859.patch | fix missing integer overflow checks in regexec buffer size computations most of the possible overflows were already ruled out in practice by regcomp having already succeeded performing larger allocations. however at least the num_states*num_tags multiplication can clearly overflow in practice. for safety, check them all, and use the proper type, size_t, rather than int. also improve comments, use calloc in place of malloc+memset, and remove bogus casts. |
Rich Felker <dalias@aerifal.cx> | no | 2016-10-06 |