[libvoikko] libvoikko 3.2.1rc1 (with security fix)
Harri Pitkänen
hatapitk at iki.fi
Thu May 19 20:22:27 EEST 2011
Bug fix release for libvoikko is available for testing at
http://www.puimula.org/htp/testing/libvoikko-3.2.1rc1.tar.gz
Fixes in this release affect only Python and Java interfaces. Embedded null
characters within input strings are now correctly handled in Python and Java
programs. Previously such characters could lead to erratic results or, in
Java, infinite loops.
I have not been able to confirm whether anything worse than infinite loops
could happen due to these bugs. Considering the possible denial of service
condition in the Java code I would say that this release fixes a low severity
security bug. I recommend that at least publicly accessible WWW services that
use either the Java or Python modules would upgrade to this release once it
has been tested and properly released. Upgrading the native library is not
necessary since no changes have been made to it.
Harri
More information about the Libvoikko
mailing list