This release adds security/responsible disclosure guidelines and fixes a few issues with input validation in the chafa
command-line tool.
-
Added disclosure guidelines in
SECURITY.md
(suggested by @JamieSlome). -
Bug fixes:
- huntr.dev: Null pointer dereference in libnsgif with crafted GIF file (reported by @JieyongMa).
- [unfiled] File magic would not effectively rule out internal loaders.
- [unfiled] Very big images could cause absurd allocation requests triggering an abort in the loader.