I am pleased to announce the release of LibAST 0.7. The release summary is below. Please note that this release contains an important security fix; all users of LibAST are STRONGLY encouraged to update to this latest version immediately. The latest version can be obtained in source, RPM, and SRPM forms at: http://www.eterm.org/download/ Release Notes: -------------- The string class is now both an interface and an implementation so that parallel implementations (e.g., a gstring wrapper) can be created. Detection of Imlib2 support, and a pixmap leak when it was disabled, were fixed. Also some fixes for gcc4 and newer autotools have been included. This release also contains a security fix for CVE-2006-0224, a buffer overflow vulnerability discovered by Rosiello Security (www.rosiello.org) which could lead to privilege escalation in setuid/setgid applications using LibAST's configuration engine. This includes any platforms on which Eterm is setuid/setgid (e.g., setgid utmp). Thanks to Angelo Rosiello and his team for discovering this issue and coordinating with me for the fix and release. More details on the vulnerability are available at http://www.rosiello.org/en/read_bugs.php?id=25 Michael -- Michael Jennings (a.k.a. KainX) http://www.kainx.org/ <mej@xxxxxxxxx> n + 1, Inc., http://www.nplus1.net/ Author, Eterm (www.eterm.org) ----------------------------------------------------------------------- "Don't risk more than you can afford to walk away without." -- Rule of Life #39
