I'm curious. I have a fair bit of experience with Boost Graph[1] I might have a look. At least as a triage step? Let me know if I can still be of assistance, Seth [1] https://stackoverflow.com/search?q=user%3A85371+boost+graph On Sat, Apr 13, 2024, at 8:58 AM, Jeremy Murphy via Boost wrote:
Dear Boost community,
I've recently received a few security issue notifications from both the Google Chrome fuzzer project and Shielder (part of an OSTIF project), and basically I'm not sure how much to worry about them. I don't have time to fix them (but I can review and merge fixes), and I don't know how to draw attention to the need to fix them without publicizing the issues (which are still not published). It all depends on how many people actually are exposed via Boost.Graph and to what severity, right? I have no idea, but my gut tells me not many, as most Boost.Graph users I hear about are just using it internally, not exposing the interfaces to input from the Internet. But I'm not a security expert, that's why I'm asking you. What should I do?
Thanks, cheers.
Jeremy
_______________________________________________ Unsubscribe & other changes: http://lists.boost.org/mailman/listinfo.cgi/boost