Discuss on Groups View on GitHub


Another security advisory -- Additional CPU amplification case

kentonv on 05 Mar 2015

Unfortunately, it turns out that our fix for one of the security advisories issued on Monday was not complete.

Fortunately, the incomplete fix is for the non-critical vulnerability. The worst case is that an attacker could consume excessive CPU time.

Nevertheless, we’ve issued a new advisory and pushed a new release:

Sorry for the rapid repeated releases, but we don’t like sitting on security bugs.