Opened 3 years ago

Closed 3 years ago

#4724 closed task (fixed)


Reported by: Douglas R. Reno Owned by: lfs-book
Priority: high Milestone: 10.1
Component: Book Version: SVN
Severity: normal Keywords:


New point version, containing security fixes for Bison itself (not generated code)


* Noteworthy changes in release 3.7.2 (2020-09-05) [stable]

  This release of Bison fixes all known bugs reported for Bison in MITRE's
  Common Vulnerabilities and Exposures (CVE) system.  These vulnerabilities
  are only about bison-the-program itself, not the generated code.

  Although these bugs are typically irrelevant to how Bison is used, they
  are worth fixing if only to give users peace of mind.

  There is no known vulnerability in the generated parsers.

** Bug fixes

  Fix concurrent build issues (introduced in Bison 3.5).

  Push parsers always use YYMALLOC/YYFREE (no direct calls to malloc/free).

  Fix portability issues of the test suite, and of bison itself.

  Some unlikely crashes found by fuzzing have been fixed.  This is only
  about bison itself, not the generated parsers.

Change History (1)

comment:1 by Bruce Dubbs, 3 years ago

Resolution: fixed
Status: newclosed

Fixed at revision 12047.

Note: See TracTickets for help on using tickets.