Preparing 4.0.1: Patch release of 4.0

From: Chad Walstrom
Subject: Preparing 4.0.1: Patch release of 4.0
Date: Wed, 10 Nov 2004 10:49:43 -0600
User-agent: Mutt/1.5.6+20040722i

Chad Walstrom wrote:
> I will be releasing a patch and updating our website later today (I
> have a day off from work), and making an announcement on info-gnats.
So, rather than waiting for me to track down the optimization bug with
libiberty and releasing 4.1, I've branched the 4.0 release to
gnats-4_0-patches. So far, I've rolled in the following string
formatting changes to misc.c:

2004-09-06  Hans-Albert Schneider  <Hans-Albert@HA-Schneider.de>

    * misc.c (gnats_strftime): If we have to interpret %z ourselves,
    avoid a buffer overflow with 10 or more %z in format string.
    (log_msg): Fix format string bug (in calling syslog()) described in
    http://lists.gnu.org/archive/html/bug-gnats/2004-06/msg00028.html
    and in http://www.zone-h.org/advisories/read/id=4889

2004-06-11  Jon Meredith  <jonm@alchemetrics.co.uk>

    * misc.c (gnats_strftime): added check for +/- at the start of the
    string to support SCO OpenServer. The undocumented %z does not have a
    '+' on for positive offsets, so the return from get_curr_date() cannot
    be parsed by get_date(). (Closes: patch #1461)

I don't see any more potential security problems listed in the
ChangeLogs. I plan on tagging this change as the 4.0.1 release. If
you know of any other changes that should absolutely be included in this
release, let me know ASAP.
--
Chad Walstrom <chewie@wookimus.net> http://www.wookimus.net/
assert(expired(knowledge)); /* core dump */
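
Added example, not part of the original message and not GNATS source: the two defect classes named in the 2004-09-06 ChangeLog entry, shown in their hardened form. The function names expand_tz_offset and log_line_safe, the buffer sizes and the sample offset "+0100" are assumptions made for illustration.

```c
/* Added illustration; not GNATS code. All names here are hypothetical. */
#include <stddef.h>
#include <string.h>
#include <syslog.h>

/* Copy fmt into out, replacing each "%z" with tz (e.g. "+0100").
 * Every write is checked against outsz, so any number of %z is safe.
 * Returns 0 on success, -1 if the result plus its NUL does not fit. */
int expand_tz_offset(const char *fmt, const char *tz, char *out, size_t outsz)
{
    size_t used = 0, tzlen = strlen(tz);

    if (outsz == 0)
        return -1;
    while (*fmt != '\0') {
        if (fmt[0] == '%' && fmt[1] == 'z') {
            if (tzlen >= outsz - used)      /* keep one byte for the NUL */
                goto too_long;
            memcpy(out + used, tz, tzlen);
            used += tzlen;
            fmt += 2;
        } else {
            /* "%%" and other conversions are copied as a pair, so the
             * 'z' in "%%z" is never mistaken for a conversion. */
            size_t n = (fmt[0] == '%' && fmt[1] != '\0') ? 2 : 1;
            if (n >= outsz - used)
                goto too_long;
            memcpy(out + used, fmt, n);
            used += n;
            fmt += n;
        }
    }
    out[used] = '\0';
    return 0;

too_long:
    out[0] = '\0';   /* fail closed: never return a truncated format */
    return -1;
}

/* Log untrusted text as data: the format is a constant and msg is an
 * argument, so '%' sequences inside msg are never interpreted. */
void log_line_safe(int priority, const char *msg)
{
    syslog(priority, "%s", msg);
}
```
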