|
Boost : |
From: Jeremy Murphy (jeremy.william.murphy_at_[hidden])
Date: 2024-04-13 23:48:44
Thanks, Seth, I'll email you directly soon.
On Sun, 14 Apr 2024, 8:41â¯am Seth via Boost, <boost_at_[hidden]> wrote:
> I'm curious. I have a fair bit of experience with Boost Graph[1]
>
> I might have a look. At least as a triage step?
>
> Let me know if I can still be of assistance,
> Seth
>
> [1] https://stackoverflow.com/search?q=user%3A85371+boost+graph
>
> On Sat, Apr 13, 2024, at 8:58 AM, Jeremy Murphy via Boost wrote:
> > Dear Boost community,
> >
> > I've recently received a few security issue notifications from both the
> > Google Chrome fuzzer project and Shielder (part of an OSTIF project), and
> > basically I'm not sure how much to worry about them. I don't have time to
> > fix them (but I can review and merge fixes), and I don't know how to draw
> > attention to the need to fix them without publicizing the issues (which
> are
> > still not published). It all depends on how many people actually are
> > exposed via Boost.Graph and to what severity, right? I have no idea, but
> my
> > gut tells me not many, as most Boost.Graph users I hear about are just
> > using it internally, not exposing the interfaces to input from the
> > Internet. But I'm not a security expert, that's why I'm asking you. What
> > should I do?
> >
> > Thanks, cheers.
> >
> > Jeremy
> >
> > _______________________________________________
> > Unsubscribe & other changes:
> http://lists.boost.org/mailman/listinfo.cgi/boost
>
> _______________________________________________
> Unsubscribe & other changes:
> http://lists.boost.org/mailman/listinfo.cgi/boost
>
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk