Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20150330040553.GA25108@brightrain.aerifal.cx>
Date: Mon, 30 Mar 2015 00:05:53 -0400
From: Rich Felker <dalias@...c.org>
To: musl@...ts.openwall.com
Subject: musl 1.1.8 released

This release is a high-priority bug fix release correcting a
stack-based buffer overflow in IPv6 literal parsing (CVE-2015-1817)
affecting inet_pton and getaddrinfo and several other
potentially-serious bugs in regular expression parsing. The omission
of the max_align_t type for the new AArch64 port and a regression in
the definition of FLT_ROUNDS have also been fixed. All users should
upgrade or apply at least the following patches:

http://git.musl-libc.org/cgit/musl/patch/?id=fc13acc3dcb5b1f215c007f583a63551f6a71363
http://git.musl-libc.org/cgit/musl/patch/?id=39dfd58417ef642307d90306e1c7e50aaec5a35c

Download: http://www.musl-libc.org/releases/musl-1.1.8.tar.gz
Signature: http://www.musl-libc.org/releases/musl-1.1.8.tar.gz.asc

As always thanks goes out to musl's release sponsors:

  The Midipix Project: http://midipix.org/
  Hurricane Labs: https://www.hurricanelabs.com/

Thank you for supporting musl via Patreon: https://www.patreon.com/musl

A 1.0.5 release will soon follow with backports of these and other
important bug fixes to the maintenance-only 1.0.x branch.

Rich

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.