Account Options

  1. Sign in
The old Google Groups will be going away soon, but your browser is incompatible with the new version.
Google Groups Home
« Groups Home
firebreath-dev
Home
+ new post
About this group
Join this group
Update version of Boost?
Options
There are currently too many topics in this group that display first. To make this topic appear first, remove this option from another topic.
There was an error processing your request. Please try again.
flag
   3 messages - Collapse all  -  Translate all to Translated (View all originals)
The group you are posting to is a Usenet group. Messages posted to this group will make your email address visible to anyone on the Internet.
Your reply message has not been sent.
Your post was successful
 
From:
To:
Cc:
Followup To:
Add Cc | Add Followup-to | Edit Subject
Subject:
Validation:
For verification purposes please type the characters you see in the picture below or the numbers you hear by clicking the accessibility icon. Listen and type the numbers you hear
 
Colin  
View profile   Translate to Translated (View Original)
 More options Jul 10 2012, 6:57 pm
From: Colin <colin.r.bl...@gmail.com>
Date: Tue, 10 Jul 2012 15:57:18 -0700 (PDT)
Local: Tues, Jul 10 2012 6:57 pm
Subject: Update version of Boost?
Print | Individual message | Show original | Report this message | Find messages by this author

Seems that boost 1.46.1 has the following potential buffer overflow
vulnerability:

Integer overflows in ordered_malloc() Boost pool. Also see bug #6701 in the
changeset. This vulnerability is currently fixed in the Boost SVN
repository.

More info: https://svn.boost.org/trac/boost/changeset/78326

Any plans to pick up this fix for firebreath-boost? Large companies don't
like their products to be using libraries which contain buffer overflow
vulnerabilities :-(


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Richard Bateman  
View profile  
 More options Jul 10 2012, 7:08 pm
From: Richard Bateman <rich...@batemansr.us>
Date: Tue, 10 Jul 2012 17:08:49 -0600
Local: Tues, Jul 10 2012 7:08 pm
Subject: Re: [firebreath-dev] Update version of Boost?
Print | Individual message | Show original | Report this message | Find messages by this author

This is the first I've heard about an actual vulnerability in the version of boost currently packaged with FireBreath.  I will update it as soon as I have the chance; that may not be this week. It's been on my to-do list for awhile.

In the mean time you have the following options to satisfy the management of whichever large company you're concerned about:

1) Update it yourself and send me a pull request
2) Use your own boost installation and the WITH_SYSTEM_BOOST option (for details look on the firebreath website, search for prep scripts)
3) Don't use boost pool

Hope that helps!

Richard

On Jul 10, 2012, at 16:57 , Colin wrote:


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Colin Blake  
View profile   Translate to Translated (View Original)
 More options Jul 10 2012, 7:21 pm
From: Colin Blake <co...@theblakes.com>
Date: Tue, 10 Jul 2012 16:21:43 -0700
Local: Tues, Jul 10 2012 7:21 pm
Subject: Re: [firebreath-dev] Update version of Boost?
Print | Individual message | Show original | Report this message | Find messages by this author

Super fast response, Richard, as usual.

If you'll be updating firebreath-boost sometime in the next couple of weeks
I'll just wait for that.

Thanks for all your hard work on FireBreath.

Colin.

On Tue, Jul 10, 2012 at 4:08 PM, Richard Bateman <rich...@batemansr.us>wrote:


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
End of messages
« Back to Discussions « Newer topic     Older topic »

Create a group - Google Groups - Google Home - Terms of Service - Privacy Policy
©2013 Google