Bug#920273: marked as done (pcre2: Please disable pcre2grep-callout feature)

[Debian Bug Tracking System]

Your message dated Thu, 24 Jan 2019 11:11:31 +0000
with message-id <e1gmcux-0003bs...@fasolo.debian.org>
and subject line Bug#920273: fixed in pcre2 10.32-4
has caused the Debian Bug report #920273,
regarding pcre2: Please disable pcre2grep-callout feature
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
920273: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920273
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Source: pcre2
Version: 10.32-3
Tags: patch

Please use --disable-pcre2grep-callout in your Debian package. It is
surprising to users that a grep tool will execute commands.

This issue was identified during the Ubuntu security review for
promotion of pcre2 to main. See https://launchpad.net/bugs/1636666
(comment 47).

I am submitting a merge proposal to
https://salsa.debian.org/debian/pcre2/merge_requests

Thanks,
Jeremy Bicha

--- End Message ---

--- Begin Message ---

Source: pcre2
Source-Version: 10.32-4

We believe that the bug you reported is fixed in the latest version of
pcre2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 920...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Matthew Vernon <matt...@debian.org> (supplier of updated pcre2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 24 Jan 2019 09:20:51 +0000
Source: pcre2
Binary: libpcre2-8-0 libpcre2-8-0-udeb libpcre2-16-0 libpcre2-32-0 
libpcre2-posix0 libpcre2-dev libpcre2-dbg pcre2-utils
Architecture: i386 source
Version: 10.32-4
Distribution: unstable
Urgency: medium
Maintainer: Matthew Vernon <matt...@debian.org>
Changed-By: Matthew Vernon <matt...@debian.org>
Closes: 920273
Description: 
 libpcre2-16-0 - New Perl Compatible Regular Expression Library - 16 bit 
runtime f
 libpcre2-32-0 - New Perl Compatible Regular Expression Library - 32 bit 
runtime f
 libpcre2-8-0 - New Perl Compatible Regular Expression Library- 8 bit runtime 
fil
 libpcre2-8-0-udeb - New Perl Compatible Regular Expression Library- 8 bit 
runtime fil (udeb)
 libpcre2-dbg - New Perl Compatible Regular Expression Library - debug symbols
 libpcre2-dev - New Perl Compatible Regular Expression Library - development 
file
 libpcre2-posix0 - New Perl Compatible Regular Expression Library - 
posix-compatible
 pcre2-utils - New Perl Compatible Regular Expression Library - utilities
Changes:
 pcre2 (10.32-4) unstable; urgency=medium
 .
   * Take patch from Jeremy Bicha to build with
     --disable-pcre2grep-callout: A grep tool should not be expected to
     execute commands (Closes: #920273) (LP: #1636666)
Checksums-Sha1: 
 24ed3ddd9f67ecd09098e336531d58e353c22a8e 2342 pcre2_10.32-4.dsc
 0e2a26cfa38ef2cc871853d794f9750a2342b93f 4897 pcre2_10.32-4.diff.gz
 fa1251273e6b1dd907ea6fcfa045bc7b882a6082 5909 pcre2_10.32-4_source.buildinfo
 f8f68d2358897f1f8e52a58dc914f870109303b6 202036 libpcre2-16-0_10.32-4_i386.deb
 5283ce7abdb263c06e1fe743c8d806d79d7d778a 194012 libpcre2-32-0_10.32-4_i386.deb
 5619d49403b17ea303296a9984101c8d220f6c90 178212 
libpcre2-8-0-udeb_10.32-4_i386.udeb
 a3e84c5301d1d901492fc47c7b9c2b9961744769 213492 libpcre2-8-0_10.32-4_i386.deb
 0e0e0437e6b83b4176884668fd965454c53107e6 1506892 libpcre2-dbg_10.32-4_i386.deb
 3fad6e2c8caa01b83cbc51771b66a1871adc450c 670200 libpcre2-dev_10.32-4_i386.deb
 e5e075bc61e8847dc034d1feae37498262e07bd5 38684 libpcre2-posix0_10.32-4_i386.deb
 b524344901c8863ad134fe4620780f517f35dde3 143188 pcre2-utils_10.32-4_i386.deb
 5fc6cc111d8ecb8b3df4f2c8ff18dfc7550a6374 6156 pcre2_10.32-4_i386.buildinfo
Checksums-Sha256: 
 a777361a7da85a5ea9918fd7e8469f7dea9ade77fdd65edd82a78a03d1ce05eb 2342 
pcre2_10.32-4.dsc
 722fb789ac655910e7af706566d0b33b69bfa846f60a4da1a5c9c8ef8dc865ef 4897 
pcre2_10.32-4.diff.gz
 90bf63f549ca094fd45633c8e7b4e43286c54d891a943cf6b464480e2047dc31 5909 
pcre2_10.32-4_source.buildinfo
 54abea03614f0b86366dd7925d073582d4dceb940912c30a02110089382e221e 202036 
libpcre2-16-0_10.32-4_i386.deb
 238e034f1428b85af291ca75a9cbe7fffff46275b184a0a94c5767a93cde19d0 194012 
libpcre2-32-0_10.32-4_i386.deb
 b3b030babc2bf8b1c35ed4a65612a13db172eae4e3893297e47e5a34f05a2cb3 178212 
libpcre2-8-0-udeb_10.32-4_i386.udeb
 4c85b1f94939d8c4309bf8576b347514498634756bcd698e9c717ba6b6896dce 213492 
libpcre2-8-0_10.32-4_i386.deb
 1ae65bb11264b18cac78a2e0194f38f1df4542464abae8c873913176380b5913 1506892 
libpcre2-dbg_10.32-4_i386.deb
 871690abdbb43588d3ce424903e30595a49f7148a8b5779592ccab75d84ab33a 670200 
libpcre2-dev_10.32-4_i386.deb
 a0bcd6a60665d0b6deaace0dbb642382e257885190f2a1b537d79ea9a623ecaa 38684 
libpcre2-posix0_10.32-4_i386.deb
 92e7584b1706091ed25b406a17622ccdf226872c724c2e2225a5c54c82a282dd 143188 
pcre2-utils_10.32-4_i386.deb
 19502079852ae31e3bee053a48315eb40ea961a3abdd879343bc8088214732d0 6156 
pcre2_10.32-4_i386.buildinfo
Files: 
 a87d18905ce92e3e9a861de10253ea55 2342 libs optional pcre2_10.32-4.dsc
 4b4d5fdc1a38c4602be7fbd969340288 4897 libs optional pcre2_10.32-4.diff.gz
 23a495c62e65f2226e0b3dd91e13b51d 5909 libs optional 
pcre2_10.32-4_source.buildinfo
 36ef33e072e4ba358d5289824edaed36 202036 libs optional 
libpcre2-16-0_10.32-4_i386.deb
 c2d87137f8d50d8a6d2b734f87e39f79 194012 libs optional 
libpcre2-32-0_10.32-4_i386.deb
 01c33df2ba12c7d2a85c8fc97b435a1e 178212 debian-installer optional 
libpcre2-8-0-udeb_10.32-4_i386.udeb
 f5a0c5b10b6d9edbb7d83f02860f0545 213492 libs optional 
libpcre2-8-0_10.32-4_i386.deb
 6c9b23d9c186a6f729547b5a8083f7c8 1506892 debug optional 
libpcre2-dbg_10.32-4_i386.deb
 b7ab20a67833cc8928e02220774ac098 670200 libdevel optional 
libpcre2-dev_10.32-4_i386.deb
 319c639f9aba4c04511b905edf84075a 38684 libs optional 
libpcre2-posix0_10.32-4_i386.deb
 d23a8f079196c45fbe5f53fd43c27f55 143188 utils optional 
pcre2-utils_10.32-4_i386.deb
 d139784e92dbcdede49f79de263574bb 6156 libs optional 
pcre2_10.32-4_i386.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJHBAEBCgAxFiEEuk75yE35bTfYoeLUEvTSHI9qY8gFAlxJj5sTHG1hdHRoZXdA
ZGViaWFuLm9yZwAKCRAS9NIcj2pjyPYND/9hO+R063G11B+5GBvcByhkGtZRiaWv
qzJNReFqyh3qhLnCuZvVg1RjyvN+QYeeaOUBBCLqlWrbHT0+CgBjFMWQrGJB9sB6
nlMCIwV29pO2YeMHFC/k+dLKIHsdESU7o77zD1rzPwDC7zq9qH0UpD5cvVVnztRh
Jdvd2UFbwZENMwqWys1gJIQx75B9YZXRTg7PTNn5mytBWbtEkzmEWAVMs8EaRezO
8818FK2Q/FNk6+N6jntnTmxyPq6CABODUXr/zr010AFr1FWTu9x3WNf9E0PHvZ+B
vXVH7gXQJKrz6ZRSkT3NqLVifxLJUXt129VmuZeo94WfvwLmS/BQ7PduKRPOFCJl
S/fOfH4c9v36g+pJa20WHNYowb0PS0b5lB3XCvj+45Bfd5pQxttgcJSRZi7TtCCS
08kIqfP9fj6b05uL3kaWAjNPhjJZBpkfhb5QC+JLjZD1kzH53u+yIiiGXH7/y8i3
vI+F3dJaoSIlszZKR0W8ULgMARTbqTc2+mndMfWzuYsByqlHYtAtXp+FaJj7lYNK
3akrIn/OCEWQPPYMTWQr5U/BoUActdbXrcORmsg6duHsFZ0sEbAnsfY4BKrpf+EW
mcr3kEdnNwprujO5tYHNbcS59WFbaVDjxU1A9nT9kkYthBkKJnTOBtMfhG2a+rhT
1blrvzkpdGJPCw==
=vNcz
-----END PGP SIGNATURE-----

--- End Message ---