FYI... It looks like the CVE was assigned, so we will be pushing 5.6.4 shortly.
On Mon, Apr 11, 2016 at 2:41 AM, Jeffrey Walton <[email protected]> wrote: > On Mon, Apr 11, 2016 at 2:20 AM, László Böszörményi (GCS) > <[email protected]> wrote: >> On Fri, Apr 8, 2016 at 1:22 AM, Jeffrey Walton <[email protected]> wrote: >>> We checked in the fix for the issue at: >>> >>> * >>> http://github.com/weidai11/cryptopp/commit/9f335d719ebc27f58251559240de0077ec42c583 >>> >>> We also picked up the improvement for constant propagation: >>> >>> * >>> http://github.com/weidai11/cryptopp/commit/50e5c14c18671726d23479b5e0cadc4224100259 >>> >>> We have not received feedback on the imperativeness of a CVE, so we >>> are going to handle this as a normal bug fix. >> The CVE-2016-3995 vulnerability id recently assigned[1]. Fixed for >> Debian/Sid[2], will update (old-)stable releases as well in the >> afternoon. > > OK, thanks. > > I'll ramp up for the 5.6.4 release and the extended testing. Expect it > in roughly 2 to 4 weeks. > > We are ahead of the game at the moment because we are clean under > Compiler Warnings, Valgrind, Enterprise Analysis and Covertiy (Master > was tested with Valgrind and Coverity earlier tonight). > -- -- You received this message because you are subscribed to the "Crypto++ Users" Google Group. To unsubscribe, send an email to [email protected]. More information about Crypto++ and this group is available at http://www.cryptopp.com. --- You received this message because you are subscribed to the Google Groups "Crypto++ Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
