Skip to content

Commit 4e84d99

Browse files
NWilsonNWilson
authored
Update version number, NEWS, and ChangeLog
1 parent cd85b16 commit 4e84d99

File tree

3 files changed

+35
-2
lines changed

3 files changed

+35
-2
lines changed

ChangeLog

Lines changed: 16 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -7,6 +7,22 @@ there is also the log of commit messages.
77
Internal changes which are not visible to clients of the library are mostly not
88
listed here.
99

10+
Version 10.46 27-August-2025
11+
----------------------------
12+
13+
1. (#771) Security fix to prevent a read-past-the-end memory error, of
14+
arbitrary length. An attacker-controlled regex pattern is required, and it
15+
cannot be triggered by providing crafted subject (match) text. The
16+
(*ACCEPT) and (*scs:) pattern features must be used together.
17+
18+
Release 10.44 and earlier are not affected.
19+
20+
This could have implications of denial-of-service or information disclosure,
21+
and could potentially be used to escalate other vulnerabilities in a system
22+
(such as information disclosure being used to escalate the severity of an
23+
unrelated bug in another system).
24+
25+
1026
Version 10.45 05-February-2025
1127
------------------------------
1228

NEWS

Lines changed: 17 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,23 @@
11
News about PCRE2 releases
22
-------------------------
33

4+
Version 10.46 27-August-2025
5+
----------------------------
6+
7+
This is a security-only release, with only a minimal code change to prevent a
8+
read-past-the-end memory error, of arbitrary length. An attacker-controlled
9+
regex pattern is required, and it cannot be triggered by providing crafted
10+
subject (match) text. The (*ACCEPT) and (*scs:) pattern features must be used
11+
together.
12+
13+
Release 10.44 and earlier are not affected.
14+
15+
This could have implications of denial-of-service or information disclosure,
16+
and could potentially be used to escalate other vulnerabilities in a system
17+
(such as information disclosure being used to escalate the severity of an
18+
unrelated bug in another system).
19+
20+
421
Version 10.45 05-February-2025
522
------------------------------
623

configure.ac

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -9,9 +9,9 @@ dnl The PCRE2_PRERELEASE feature is for identifying release candidates. It might
99
dnl be defined as -RC2, for example. For real releases, it should be empty.
1010

1111
m4_define(pcre2_major, [10])
12-
m4_define(pcre2_minor, [45])
12+
m4_define(pcre2_minor, [46])
1313
m4_define(pcre2_prerelease, [])
14-
m4_define(pcre2_date, [2025-02-05])
14+
m4_define(pcre2_date, [2025-08-27])
1515

1616
# Libtool shared library interface versions (current:revision:age)
1717
m4_define(libpcre2_8_version, [14:0:14])

0 commit comments

Comments
 (0)