[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Chicken-users] [SECURITY] Fix buffer overrun in substring-index[-ci]
From: |
Moritz Heidkamp |
Subject: |
[Chicken-users] [SECURITY] Fix buffer overrun in substring-index[-ci] |
Date: |
Mon, 12 Jan 2015 16:12:00 +0100 |
Dear CHICKEN users,
the substring-index[-ci] procedures of the data-structures unit are
vulnerable to a buffer overrun attack when passed an integer greater
than zero as the optional START argument. This issue was fixed in master
(25db851) and chicken-5 (63d0445) via the patch discussed at
http://lists.nongnu.org/archive/html/chicken-hackers/2014-12/msg00000.html.
Affected versions: all
Fix versions: 4.9.0.2, 4.9.1, 5.0
Kind regards,
The CHICKEN team
signature.asc
Description: PGP signature
- [Chicken-users] [SECURITY] Fix buffer overrun in substring-index[-ci],
Moritz Heidkamp <=