6703b707170d2f3f2029cd0c6e3ca68f89d0666c

~ chicken-core (chicken-5) 6703b707170d2f3f2029cd0c6e3ca68f89d0666c

commit 6703b707170d2f3f2029cd0c6e3ca68f89d0666c
Author:     Peter Bex <peter.bex@xs4all.nl>
AuthorDate: Mon May 19 16:45:44 2014 +0200
Commit:     Peter Bex <peter.bex@xs4all.nl>
CommitDate: Mon May 19 16:47:25 2014 +0200

    Add CVE-2014-3776 to NEWS

diff --git a/NEWS b/NEWS
index 719eaba5..f96f68bf 100644
--- a/NEWS
+++ b/NEWS
@@ -14,6 +14,8 @@
 4.9.0
 
 - Security fixes
+  - CVE-2014-3776: read-u8vector! no longer reads beyond its buffer when
+    length is #f (thanks to Seth Alves).
   - CVE-2013-4385: read-string! no longer reads beyond its buffer when
     length is #f.
   - CVE-2013-1874: ./.csirc is no longer loaded from the current directory

Trap