Boost :

From: Jeremy Murphy (jeremy.william.murphy_at_[hidden])
Date: 2024-04-13 06:58:58

• Next message: Artyom Beilis: "Re: Boost.Graph security issues"
• Previous message: Alain O' Miniussi: "Re: [release] Boost 1.85.0 Release Candidate 3 is available"
• Next in thread: Artyom Beilis: "Re: Boost.Graph security issues"
• Reply: Artyom Beilis: "Re: Boost.Graph security issues"
• Reply: Seth: "Re: Boost.Graph security issues"

Dear Boost community,

I've recently received a few security issue notifications from both the
Google Chrome fuzzer project and Shielder (part of an OSTIF project), and
basically I'm not sure how much to worry about them. I don't have time to
fix them (but I can review and merge fixes), and I don't know how to draw
attention to the need to fix them without publicizing the issues (which are
still not published). It all depends on how many people actually are
exposed via Boost.Graph and to what severity, right? I have no idea, but my
gut tells me not many, as most Boost.Graph users I hear about are just
using it internally, not exposing the interfaces to input from the
Internet. But I'm not a security expert, that's why I'm asking you. What
should I do?

Thanks, cheers.

Jeremy

• Next message: Artyom Beilis: "Re: Boost.Graph security issues"
• Previous message: Alain O' Miniussi: "Re: [release] Boost 1.85.0 Release Candidate 3 is available"
• Next in thread: Artyom Beilis: "Re: Boost.Graph security issues"
• Reply: Artyom Beilis: "Re: Boost.Graph security issues"
• Reply: Seth: "Re: Boost.Graph security issues"

Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk