Mercurial > hg > sv-dependency-builds
comparison src/capnproto-git-20161025/doc/_posts/2015-03-05-another-cpu-amplification.md @ 133:1ac99bfc383d
Add Cap'n Proto source
| author | Chris Cannam <cannam@all-day-breakfast.com> |
|---|---|
| date | Tue, 25 Oct 2016 11:17:01 +0100 |
| parents | |
| children |
comparison
equal
deleted
inserted
replaced
| 132:42a73082be24 | 133:1ac99bfc383d |
|---|---|
| 1 --- | |
| 2 layout: post | |
| 3 title: "Another security advisory -- Additional CPU amplification case" | |
| 4 author: kentonv | |
| 5 --- | |
| 6 | |
| 7 Unfortunately, it turns out that our fix for one of [the security advisories issued on Monday](2015-03-02-security-advisory-and-integer-overflow-protection.html) was not complete. | |
| 8 | |
| 9 Fortunately, the incomplete fix is for the non-critical vulnerability. The worst case is that an attacker could consume excessive CPU time. | |
| 10 | |
| 11 Nevertheless, we've issued [a new advisory](https://github.com/sandstorm-io/capnproto/tree/master/security-advisories/2015-03-05-0-c++-addl-cpu-amplification.md) and pushed a new release: | |
| 12 | |
| 13 - Release 0.5.1.2: [source](https://capnproto.org/capnproto-c++-0.5.1.2.tar.gz), [win32](https://capnproto.org/capnproto-c++-win32-0.5.1.2.zip) | |
| 14 - Release 0.4.1.2: [source](https://capnproto.org/capnproto-c++-0.4.1.2.tar.gz) | |
| 15 | |
| 16 Sorry for the rapid repeated releases, but we don't like sitting on security bugs. |