From: Niels Möller Date: Fri, 2 Jan 2026 15:48:55 +0000 (+0100) Subject: ChangeLog and NEWS update for sexp parser fixes. X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4dc3da9db75257e84a3365a9e01473573f41dd66;p=thirdparty%2Fnettle.git ChangeLog and NEWS update for sexp parser fixes. --- diff --git a/ChangeLog b/ChangeLog index 203d5f9f..0239f641 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +2026-01-02 Niels Möller + + * sexp.c (sexp_iterator_exit_list): Rewrite to not recurse via + sexp_iterator_next. + 2025-12-17 Niels Möller * sexp.c (sexp_iterator_simple): Fix off-by-one error in length diff --git a/NEWS b/NEWS index 8b6d095a..b9bba8b9 100644 --- a/NEWS +++ b/NEWS @@ -130,6 +130,13 @@ NEWS for the Nettle 4.0 release Baryshkov years ago, but delayed, since it implies an ABI break. + Bug fixes: + + * Fix off-by-one bug in sexp parser, which could result in a + one byte overread on invalid input. Also fix excessive + recursion and stack usage for some inputs. Both problems + reported via oss-fuzz. + New features: * Support for SLH-DSA signatures (stateless hash-based digital
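Review bot: In the ChangeLog hunk, the 2026-01-02 entry for sexp_iterator_exit_list states that the function no longer recurses via sexp_iterator_next but gives no reason, while the NEWS text in the same patch attributes the change to excessive recursion and stack usage reported via oss-fuzz. Consider adding a short clause to the entry saying the rewrite avoids that recursion and stack usage on some inputs, so the ChangeLog entry can be matched to the NEWS item without reading the sexp.c diff.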
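Review bot: In the NEWS hunk, the new "Bug fixes" item speaks only of the "sexp parser" and "some inputs", although the ChangeLog names sexp_iterator_simple for the off-by-one and sexp_iterator_exit_list for the recursion. Naming both functions in the item would let users who parse untrusted S-expressions check whether their code reaches the affected paths. The item sits under "NEWS for the Nettle 4.0 release" and does not say whether earlier releases have the same one byte overread; a sentence on affected versions would help anyone deciding whether to backport.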