[Bug 200980] lang/chicken: CVE-2015-4556: out-of-bounds read in CHICKEN Scheme's string-translate* procedure
bugzilla-noreply at freebsd.org
Mon Jun 22 04:19:15 UTC 2015
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=200980
--- Comment #5 from Jason Unovitch <jason.unovitch at gmail.com> ---
Regarding security/vuxml documentation and a close action for the PR.
RC1 doesn't list CVE-2015-4556 as being fixed in the RC1 release notes here:
http://code.call-cc.org/dev-snapshots/2015/06/07/NEWS
- Security fixes
  - CVE-2014-6310: Use POSIX poll() on Android platform to avoid
    potential select() buffer overrun.
  - CVE-2014-9651: substring-index[-ci] no longer scans beyond string
    boundaries.
That was announced 8 days after RC1 was released and the git commit for the fix
was 7 days after RC1. It does announce an earlier issue being fixed that
hasn't been documented yet.