|Reported by:||Douglas R. Reno||Owned by:||lfs-book|
New point version, containing security fixes for Bison itself (not generated code)
================================================================== * Noteworthy changes in release 3.7.2 (2020-09-05) [stable] This release of Bison fixes all known bugs reported for Bison in MITRE's Common Vulnerabilities and Exposures (CVE) system. These vulnerabilities are only about bison-the-program itself, not the generated code. Although these bugs are typically irrelevant to how Bison is used, they are worth fixing if only to give users peace of mind. There is no known vulnerability in the generated parsers. ** Bug fixes Fix concurrent build issues (introduced in Bison 3.5). Push parsers always use YYMALLOC/YYFREE (no direct calls to malloc/free). Fix portability issues of the test suite, and of bison itself. Some unlikely crashes found by fuzzing have been fixed. This is only about bison itself, not the generated parsers.
Note: See TracTickets for help on using tickets.