On 12 January 2015 17:29 CET, Moritz Heidkamp wrote: > the substring-index[-ci] procedures of the data-structures unit are > vulnerable to a buffer overrun attack when passed an integer greater > than zero as the optional START argument. This issue was fixed in master > (25db851) and chicken-5 (63d0445) via the patch discussed at > http://lists.nongnu.org/archive/html/chicken-hackers/2014-12/msg00000.html.
This vulnerability was assigned CVE-2014-9651. Kind regards, The CHICKEN team
signature.asc
Description: PGP signature
_______________________________________________ Chicken-users mailing list [email protected] https://lists.nongnu.org/mailman/listinfo/chicken-users
