Date: Mon, 30 Mar 2015 00:05:53 -0400 From: Rich Felker <dalias@...c.org> To: musl@...ts.openwall.com Subject: musl 1.1.8 released This release is a high-priority bug fix release correcting a stack-based buffer overflow in IPv6 literal parsing (CVE-2015-1817) affecting inet_pton and getaddrinfo and several other potentially-serious bugs in regular expression parsing. The omission of the max_align_t type for the new AArch64 port and a regression in the definition of FLT_ROUNDS have also been fixed. All users should upgrade or apply at least the following patches: http://git.musl-libc.org/cgit/musl/patch/?id=fc13acc3dcb5b1f215c007f583a63551f6a71363 http://git.musl-libc.org/cgit/musl/patch/?id=39dfd58417ef642307d90306e1c7e50aaec5a35c Download: http://www.musl-libc.org/releases/musl-1.1.8.tar.gz Signature: http://www.musl-libc.org/releases/musl-1.1.8.tar.gz.asc As always thanks goes out to musl's release sponsors: The Midipix Project: http://midipix.org/ Hurricane Labs: https://www.hurricanelabs.com/ Thank you for supporting musl via Patreon: https://www.patreon.com/musl A 1.0.5 release will soon follow with backports of these and other important bug fixes to the maintenance-only 1.0.x branch. Rich
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.