MichaelChirico
commented
1 year ago FYI: there is a patch upstream:
https://github.com/WizardMac/ReadStat/pull/303
Not clear how long it will take for that to be merged, so a cherry-pick may be prudent.
Open MichaelChirico opened 1 year ago
MichaelChirico
commented
1 year ago FYI: there is a patch upstream:
https://github.com/WizardMac/ReadStat/pull/303
Not clear how long it will take for that to be merged, so a cherry-pick may be prudent.
gorcha
commented
1 year ago Hi @MichaelChirico, thanks for the heads up!
Our preference is to wait for the changes to be made upstream so we don't diverge too much, but I'll keep this in mind next time we have changes to the readstat code.
Surfacing this security issue here in case (1) anyone is keen to fix it and (2) as a flag to update the bundled sources once a fix is available.
https://github.com/WizardMac/ReadStat/issues/299