Closed a11apurva closed 4 years ago
GitMensch
commented
4 years ago "soon" - see #56 which also contains a testing build of 3.7 - should be fine if your sources don't use non-ascii token literals (and don't expect the color options to be available).
a11apurva
commented
4 years ago Okay, thank you for this information.
a11apurva
commented
4 years ago Hi @GitMensch, @lexxmark,
All the open CVEs have been closed in Bison-3.7.2 which has been recently released.
GNU Bison NEWS
Noteworthy changes in release 3.7.2 (2020-09-05) [stable]
This release of Bison fixes all known bugs reported for Bison in MITRE's Common Vulnerabilities and Exposures (CVE) system. These vulnerabilities are only about bison-the-program itself, not the generated code.
Would there be a win-bison update incorporating these changes any time soon?
lexxmark
commented
4 years ago Hi @a11apurva, we should definitely adopt bison 3.7.2 I cannot guarantee it will be soon.
Because of a CVE we are looking for Bison 3.5.4 or higher version.
I can see that version 2.5.22 (bison 3.5.0) is the last stable release. Is there any timeline for any 3.5.4+ stable release?
Thank you!