~ chicken-core (chicken-5) 26372729662465373262eefffeac010edd1a74b4
commit 26372729662465373262eefffeac010edd1a74b4
Author: Peter Bex <peter@more-magic.net>
AuthorDate: Thu Dec 15 20:27:31 2016 +0100
Commit: Peter Bex <peter@more-magic.net>
CommitDate: Thu Dec 15 20:27:31 2016 +0100
Add CVE-2016-9954 number to changelog.
diff --git a/NEWS b/NEWS
index 2b097ed1..dabdd339 100644
--- a/NEWS
+++ b/NEWS
@@ -61,8 +61,8 @@
4.11.2
- Security fixes
- - Irregex has been updated to 0.9.6, which fixes an exponential
- explosion in compilation of nested "+" patterns.
+ - CVE-2016-9954: Irregex has been updated to 0.9.6, which fixes
+ an exponential explosion in compilation of nested "+" patterns.
- Compiler:
- Fixed incorrect argvector restoration after GC in directly
diff --git a/irregex-core.scm b/irregex-core.scm
index 931fed14..c83aff9b 100644
--- a/irregex-core.scm
+++ b/irregex-core.scm
@@ -31,7 +31,7 @@
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;; History
;; 0.9.6: 2016/12/05 - fixed exponential memory use of + in compilation
-;; of backtracking matcher.
+;; of backtracking matcher (CVE-2016-9954).
;; 0.9.5: 2016/09/10 - fixed a bug in irregex-fold handling of bow
;; 0.9.4: 2015/12/14 - performance improvement for {n,m} matches
;; 0.9.3: 2014/07/01 - R7RS library
Trap