~ chicken-core (chicken-5) 670f32e87c9a723a982d9589170d18a55afcf2e0
commit 670f32e87c9a723a982d9589170d18a55afcf2e0
Author: Peter Bex <peter@more-magic.net>
AuthorDate: Thu Dec 15 20:26:49 2016 +0100
Commit: Peter Bex <peter@more-magic.net>
CommitDate: Thu Dec 15 20:26:49 2016 +0100
Add CVE-2016-9954 number to changelog.
diff --git a/NEWS b/NEWS
index cbadd618..fcdeabc2 100644
--- a/NEWS
+++ b/NEWS
@@ -1,8 +1,8 @@
4.11.2
- Security fixes
- - Irregex has been updated to 0.9.6, which fixes an exponential
- explosion in compilation of nested "+" patterns.
+ - CVE-2016-9954: Irregex has been updated to 0.9.6, which fixes
+ an exponential explosion in compilation of nested "+" patterns.
- Compiler:
- Fixed incorrect argvector restoration after GC in directly
diff --git a/irregex-core.scm b/irregex-core.scm
index 01e027b3..7ac043d3 100644
--- a/irregex-core.scm
+++ b/irregex-core.scm
@@ -31,7 +31,7 @@
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;; History
;; 0.9.6: 2016/12/05 - fixed exponential memory use of + in compilation
-;; of backtracking matcher.
+;; of backtracking matcher (CVE-2016-9954).
;; 0.9.5: 2016/09/10 - fixed a bug in irregex-fold handling of bow
;; 0.9.4: 2015/12/14 - performance improvement for {n,m} matches
;; 0.9.3: 2014/07/01 - R7RS library
Trap