Skip to content

Fix: Potential Vulnerability in Cloned Function#1123

Closed
tabudz wants to merge 1 commit into3proxy:masterfrom
tabudz:fix-CVE-2015-2305
Closed

Fix: Potential Vulnerability in Cloned Function#1123
tabudz wants to merge 1 commit into3proxy:masterfrom
tabudz:fix-CVE-2015-2305

Conversation

@tabudz
Copy link
Copy Markdown

@tabudz tabudz commented Feb 21, 2025

Description
This PR fixes a security vulnerability in regcomp() that was cloned from mysql-server but did not receive the security patch. The original issue was reported and fixed under mysql/mysql-server@dc45e40.
This PR applies the same patch to eliminate the vulnerability.

References
https://nvd.nist.gov/vuln/detail/CVE-2015-2305
mysql/mysql-server@dc45e40

@tabudz
Bug#20642505: HENRY SPENCER REGULAR EXPRESSIONS (REGEX) LIBRARY
8079c71 
The MySQL server uses Henry Spencer's library for regular
expressions to support the REGEXP/RLIKE string operator.
This changeset adapts a recent fix from the upstream for
better 32-bit compatiblity. (Note that we cannot simply use
the current upstream version as a drop-in replacement
for the version used by the server as the latter has
been extended to understand MySQL charsets etc.)
@z3APA3A z3APA3A force-pushed the master branch 5 times, most recently from 9acb538 to 71d676e Compare April 9, 2026 14:54
@z3APA3A
Copy link
Copy Markdown
Collaborator

z3APA3A commented Apr 12, 2026

3proxy switched to use PCRE2

@z3APA3A z3APA3A closed this Apr 12, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@tabudz @z3APA3A