fc6e933321563e9c11672a0a58ad8f83b8b5874f

~ chicken-core (chicken-5) fc6e933321563e9c11672a0a58ad8f83b8b5874f

commit fc6e933321563e9c11672a0a58ad8f83b8b5874f
Author:     Peter Bex <peter.bex@xs4all.nl>
AuthorDate: Mon May 19 16:45:44 2014 +0200
Commit:     Peter Bex <peter.bex@xs4all.nl>
CommitDate: Mon May 19 16:47:40 2014 +0200

    Add CVE-2014-3776 to NEWS

diff --git a/NEWS b/NEWS
index a7507186..18e7fa8b 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,8 @@
 4.9.0
 
 - Security fixes
+  - CVE-2014-3776: read-u8vector! no longer reads beyond its buffer when
+    length is #f (thanks to Seth Alves).
   - CVE-2013-4385: read-string! no longer reads beyond its buffer when
     length is #f.
   - CVE-2013-1874: ./.csirc is no longer loaded from the current directory

Trap