Am 02.12.25 um 11:52 AM schrieb Andreas Tille:
Hi Alois,
Am Sun, Aug 31, 2025 at 11:27:12PM +0200 schrieb Alois Schlögl:
Attached are patches to fix a number of security vulnerabilities on biosig
3.9.0 [1,2]. The numbers indicate the last 20 patches from upstream [3,4].
Only those patches relevant for these CVE's are discussed here:
...
I've seen you released version 3.9.1. I injected the new source into
Salsa. Are those patches included into this new version and would this
version close this bug?
Kind regards
Andreas.
Hi Andreas,
release v3.9.1 addresses are number of the reported CVE but not all.
Some MFER parsing issues are only addressed at some later commits.
The other CVE's (related to GDF, NEX, ABF, RHS2000, BrainVision) are
addressed by v3.9.1.
I've planning to release 3.9.2 within the next 5 weeks, this will fix
the other known security issues as well as a number of other bugs.
Again, the ABI will not change. If 5 weeks is to much, I can check
whether I can push this forward.
Kind regards,
Alois
