overlay

My own overlay for experimentations, use with caution, no support is provided

git clone https://hacktivis.me/git/overlay.git
commit: c88d5bfd32576009b741bbb3acb90a7aacf3ba38
parent b44747ede8fb169d7f5fea8ccadfc1cbd791768c
Author: Haelwenn (lanodan) Monnier <contact@hacktivis.me>
Date:   Mon,  1 Jul 2024 19:20:25 +0200

profiles/base: Add note about CVE-2016-8859 for dev-libs/tre

Diffstat:

M profiles/base/package.mask | 5 +++++
1 file changed, 5 insertions(+), 0 deletions(-)

diff --git a/profiles/base/package.mask b/profiles/base/package.mask @@ -1,6 +1,11 @@ # Haelwenn (lanodan) Monnier <contact@hacktivis.me> (2024-06-04) # Last release (0.8.0) in 2009 with several known bugs # leading Gentoo to maintain a patchset. +# +# Also no releases since CVE-2016-8859 <https://www.openwall.com/lists/oss-security/2016/10/19/1> +# > Multiple integer overflows in the TRE library and musl libc allow attackers +# > to cause memory corruption via a large number of (1) states or (2) tags, +# > which triggers an out-of-bounds write. dev-libs/tre # Haelwenn (lanodan) Monnier <contact@hacktivis.me> (2024-05-23)
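
Review bot: The added comment above dev-libs/tre says there have been no releases since CVE-2016-8859, but it does not say whether the Gentoo patchset mentioned two lines earlier carries a fix for it, so a reader cannot tell whether the package as built is still exposed to the out-of-bounds write or only that upstream never tagged a fixed release. Consider adding one line stating the patch status (fixed by the patchset, or unfixed). The entry's date stamp (2024-06-04) also predates this addition, which is dated 2024-07-01 in the commit header, so it may be worth noting the update date as well.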