* musl 1.1.8 released
@ 2015-03-30 4:05 Rich Felker
0 siblings, 0 replies; only message in thread
From: Rich Felker @ 2015-03-30 4:05 UTC (permalink / raw)
To: musl
This release is a high-priority bug fix release correcting a
stack-based buffer overflow in IPv6 literal parsing (CVE-2015-1817)
affecting inet_pton and getaddrinfo and several other
potentially-serious bugs in regular expression parsing. The omission
of the max_align_t type for the new AArch64 port and a regression in
the definition of FLT_ROUNDS have also been fixed. All users should
upgrade or apply at least the following patches:
http://git.musl-libc.org/cgit/musl/patch/?id=fc13acc3dcb5b1f215c007f583a63551f6a71363
http://git.musl-libc.org/cgit/musl/patch/?id=39dfd58417ef642307d90306e1c7e50aaec5a35c
Download: http://www.musl-libc.org/releases/musl-1.1.8.tar.gz
Signature: http://www.musl-libc.org/releases/musl-1.1.8.tar.gz.asc
As always thanks goes out to musl's release sponsors:
The Midipix Project: http://midipix.org/
Hurricane Labs: https://www.hurricanelabs.com/
Thank you for supporting musl via Patreon: https://www.patreon.com/musl
A 1.0.5 release will soon follow with backports of these and other
important bug fixes to the maintenance-only 1.0.x branch.
Rich
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2015-03-30 4:05 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-03-30 4:05 musl 1.1.8 released Rich Felker
Code repositories for project(s) associated with this public inbox
https://git.vuxu.org/mirror/musl/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).