Date: Mon, 22 Jun 2015 04:19:15 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-ports-bugs@FreeBSD.org Subject: [Bug 200980] lang/chicken: CVE-2015-4556: out-of-bounds read in CHICKEN Scheme's string-translate* procedure Message-ID: <bug-200980-13-vjbyhpDtZg@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-200980-13@https.bugs.freebsd.org/bugzilla/> References: <bug-200980-13@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=200980 --- Comment #5 from Jason Unovitch <jason.unovitch@gmail.com> --- Regarding security/vuxml documentation and a close action for the PR. RC1 doesn't list CVE-2015-4556 as being fixed in the RC1 release notes here: http://code.call-cc.org/dev-snapshots/2015/06/07/NEWS - Security fixes - CVE-2014-6310: Use POSIX poll() on Android platform to avoid potential select() buffer overrun. - CVE-2014-9651: substring-index[-ci] no longer scans beyond string boundaries. That was annouced 8 days after RC1 was released and the git commit for the fix was 7 days after RC1. It does announce an earlier issue being fixed that hasn't been documented yet. -- You are receiving this mail because: You are the assignee for the bug.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-200980-13-vjbyhpDtZg>