This is the first I've heard about an actual vulnerability in the version of boost currently packaged with FireBreath. I will update it as soon as I have the chance; that may not be this week. It's been on my to-do list for awhile.
In the mean time you have the following options to satisfy the management of whichever large company you're concerned about:
1) Update it yourself and send me a pull request
2) Use your own boost installation and the WITH_SYSTEM_BOOST option (for details look on the firebreath website, search for prep scripts)
3) Don't use boost pool
Hope that helps!
On Jul 10, 2012, at 16:57 , Colin wrote: