According to Dan Nuffer:
> I would like to know if there are any plans to release a version 3.1.6
> with fixes for the security problems in PR#951.

No, we don't plan to release a version 3.1.6. The concerns expressed
in PR#951 are being addressed in 3.2.0b3, currently under development,
but we still have some concerns about the portability of some of these
fixes (particularly the fork/exec's portability to Cygwin) that I'd be
reluctant to backport this to our "stable" release.

Also, as we couldn't even get CERT to blink at the much more serious
problem addressed in the 3.1.5 release, it's hard to get too worried
about the two relatively minor problems with external parser handling
in this release. (The vsprintf problem doesn't pose a security risk in
3.1.5, and has been addressed in 3.2.0b3 development.)

When things settle down a bit, I'll try to put out a patch to
ExternalParser.cc in 3.1.5 to address these and other problems in
that code.

--
Gilles R. Detillieux E-mail: <[EMAIL PROTECTED]>
Spinal Cord Research Centre WWW: http://www.scrc.umanitoba.ca/~grdetil
Dept. Physiology, U. of Manitoba Phone: (204)789-3766
Winnipeg, MB R3E 3J7 (Canada) Fax: (204)789-3930