In Oniguruma, an attacker able to supply a regular expression
for compilation may be able to overflow a buffer by one byte
Besides, there were other other issues like resource leaks in
not_code_range_buf(), etc in
some other issues that needed fixing as well.
For Debian 8 jessie, these problems have been fixed in version 5.9.5-3.2+deb8u5.
We recommend that you upgrade your libonig packages.
Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/