Mercurial > hg > sv-dependency-builds
annotate src/capnproto-0.6.0/doc/_posts/2015-03-05-another-cpu-amplification.md @ 84:08ae793730bd
Add null config files
| author | Chris Cannam |
|---|---|
| date | Mon, 02 Mar 2020 14:03:47 +0000 |
| parents | 0994c39f1e94 |
| children |
| rev | line source |
|---|---|
| cannam@62 | 1 --- |
| cannam@62 | 2 layout: post |
| cannam@62 | 3 title: "Another security advisory -- Additional CPU amplification case" |
| cannam@62 | 4 author: kentonv |
| cannam@62 | 5 --- |
| cannam@62 | 6 |
| cannam@62 | 7 Unfortunately, it turns out that our fix for one of [the security advisories issued on Monday](2015-03-02-security-advisory-and-integer-overflow-protection.html) was not complete. |
| cannam@62 | 8 |
| cannam@62 | 9 Fortunately, the incomplete fix is for the non-critical vulnerability. The worst case is that an attacker could consume excessive CPU time. |
| cannam@62 | 10 |
| cannam@62 | 11 Nevertheless, we've issued [a new advisory](https://github.com/sandstorm-io/capnproto/tree/master/security-advisories/2015-03-05-0-c++-addl-cpu-amplification.md) and pushed a new release: |
| cannam@62 | 12 |
| cannam@62 | 13 - Release 0.5.1.2: [source](https://capnproto.org/capnproto-c++-0.5.1.2.tar.gz), [win32](https://capnproto.org/capnproto-c++-win32-0.5.1.2.zip) |
| cannam@62 | 14 - Release 0.4.1.2: [source](https://capnproto.org/capnproto-c++-0.4.1.2.tar.gz) |
| cannam@62 | 15 |
| cannam@62 | 16 Sorry for the rapid repeated releases, but we don't like sitting on security bugs. |