|
|
Boost : |
From: Seth (bugs_at_[hidden])
Date: 2024-04-13 22:33:36
I'm curious. I have a fair bit of experience with Boost Graph[1]
I might have a look. At least as a triage step?
Let me know if I can still be of assistance,
Seth
[1] https://stackoverflow.com/search?q=user%3A85371+boost+graph
On Sat, Apr 13, 2024, at 8:58 AM, Jeremy Murphy via Boost wrote:
> Dear Boost community,
>
> I've recently received a few security issue notifications from both the
> Google Chrome fuzzer project and Shielder (part of an OSTIF project), and
> basically I'm not sure how much to worry about them. I don't have time to
> fix them (but I can review and merge fixes), and I don't know how to draw
> attention to the need to fix them without publicizing the issues (which are
> still not published). It all depends on how many people actually are
> exposed via Boost.Graph and to what severity, right? I have no idea, but my
> gut tells me not many, as most Boost.Graph users I hear about are just
> using it internally, not exposing the interfaces to input from the
> Internet. But I'm not a security expert, that's why I'm asking you. What
> should I do?
>
> Thanks, cheers.
>
> Jeremy
>
> _______________________________________________
> Unsubscribe & other changes: http://lists.boost.org/mailman/listinfo.cgi/boost
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk