<html><head></head><body><div><div><div><div>Happy to announce <a href="https://hackage.haskell.org/package/base64-bytestring-1.2.1.0">https://hackage.haskell.org/package/base64-bytestring-1.2.1.0</a>, with the fix. <br/></div><div><br/></div><div>Thanks again for raising this. For future versions, there I'd like to put out an open invitation to the community  to help harden the existing baseN libraries. Feel free to get in touch with me on their respective issue trackers. <br/></div><div><br/></div><div>Cheers,<br/></div><div>Emily<br/></div></div><div><div style="display: none; border: 0px; width: 0px; height: 0px; overflow: hidden; visibility: hidden;"><img src="https://r.superhuman.com/ErK5ZYXplOuVgWHYgsfyil5hvB8a6m9YWWrdYMPIhngJPIm5YD0OawouiA6aXhSlk11OXJlL1CHz30tOfVRM_ZCRMM99wN4nm56X6HEYqEY4iNyuBh3CHfdXw9CpcuTRBXJ2JrrG7eITrYj0ADVK8rO1h94kumk291oLQPDnt8Ty8azNBxcshmO2zGo.gif" alt=" " width="1" height="0" style="display: none; border: 0px; width: 0px; height: 0px; overflow: hidden; visibility: hidden;"/><!--                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                --></div><br/><div class="gmail_signature"></div></div><br/><div><div class="gmail_quote">On Tue, Aug 03, 2021 at 2:44 PM, Hécate <span dir="ltr"><<a href="mailto:hecate@glitchbra.in" target="_blank">hecate@glitchbra.in</a>></span> wrote:<br/><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="gmail_extra"><div class="gmail_quote sh-color-black sh-color" style="null" id="null"><p class="sh-color-black sh-color">Wonderful, happy to know it's been resolved!
</p><p class="sh-color-black sh-color">
Le 03/08/2021 à 05:40, Fraser Tweedale a écrit :
</p><blockquote class="sh-color-black sh-color"><p class="sh-color-black sh-color">
A new proposed fix is being discussed in
<br/>
<a target="_blank" rel="noopener noreferrer" href="https://github.com/haskell/base64-bytestring/pull/46">https:/<wbr/>/<wbr/>github.<wbr/>com/<wbr/>haskell/<wbr/>base64-bytestring/<wbr/>pull/<wbr/>46</a>.
</p><p class="sh-color-black sh-color">
Expect a fix merged and new release sometime in the next few days.
</p><p class="sh-color-black sh-color">
Big thanks to all involved in pinpointing and resolving this issue.
</p><p class="sh-color-black sh-color">
Cheers,
<br/>
Fraser
</p><p class="sh-color-black sh-color">
On Mon, Aug 02, 2021 at 11:52:52PM +0200, Hécate wrote:
</p><blockquote class="sh-color-black sh-color"><p class="sh-color-black sh-color">
Hi Fraser, do you have further information about this situation?
</p><p class="sh-color-black sh-color">
Le 25/07/2021 à 07:50, Fraser Tweedale a écrit :
</p><blockquote class="sh-color-black sh-color"><p class="sh-color-black sh-color">
Hello,
</p><p class="sh-color-black sh-color">
I want to bring to wider attention a memory bug present in
base64-bytestring[1].  In summary, in some cases too few bytes are
allocated for the output when performing base64url decoding.  This
can lead to memory corruption (which I have observed[2]), and
possibly crashes (which I have not observed).
</p><p class="sh-color-black sh-color">
I submitted a pull request[2] that fixes the issue some days ago,
but did not receive a response from the maintainers yet.  I
understand that maintainers may be busy or unavailable, and that is
fine.  So I am posting here mainly to ensure that USERS are aware of
the issue.
</p><p class="sh-color-black sh-color">
To maintainers: let me know if I can provider further assistance to
resolve this issue and release a fix.
</p><p class="sh-color-black sh-color">
[1] <a target="_blank" rel="noopener noreferrer" href="https://github.com/haskell/base64-bytestring/issues/44">https:/<wbr/>/<wbr/>github.<wbr/>com/<wbr/>haskell/<wbr/>base64-bytestring/<wbr/>issues/<wbr/>44</a>
<br/>
[2] <a target="_blank" rel="noopener noreferrer" href="https://github.com/frasertweedale/hs-jose/issues/102">https:/<wbr/>/<wbr/>github.<wbr/>com/<wbr/>frasertweedale/<wbr/>hs-jose/<wbr/>issues/<wbr/>102</a>
<br/>
[3] <a target="_blank" rel="noopener noreferrer" href="https://github.com/haskell/base64-bytestring/pull/45">https:/<wbr/>/<wbr/>github.<wbr/>com/<wbr/>haskell/<wbr/>base64-bytestring/<wbr/>pull/<wbr/>45</a>
</p><p class="sh-color-black sh-color">
Thanks,
<br/>
Fraser
<br/>
_______________________________________________
<br/>
Haskell-Cafe mailing list
<br/>
To (un)subscribe, modify options or view archives go to:
<a target="_blank" rel="noopener noreferrer" href="http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe">http:/<wbr/>/<wbr/>mail.<wbr/>haskell.<wbr/>org/<wbr/>cgi-bin/<wbr/>mailman/<wbr/>listinfo/<wbr/>haskell-cafe</a>
Only members subscribed via the mailman list are allowed to post.
</p></blockquote><p class="sh-color-black sh-color">
-- 
<br/>
Hécate <img src="https://emojis.superhuman.com/2728.png" alt="✨" title="✨" style="height: 15px !important; width: 15px !important; vertical-align: text-bottom !important;" height="15" width="15"/>
<br/>
<img src="https://emojis.superhuman.com/1F426.png" alt="🐦" title="🐦" style="height: 15px !important; width: 15px !important; vertical-align: text-bottom !important;" height="15" width="15"/>: @TechnoEmpress
<br/>
IRC: Hecate
<br/>
WWW: <a target="_blank" rel="noopener noreferrer" href="https://glitchbra.in/">https:/<wbr/>/<wbr/>glitchbra.<wbr/>in</a>
<br/>
RUN: BSD
</p><p class="sh-color-black sh-color">
_______________________________________________
<br/>
Haskell-Cafe mailing list
<br/>
To (un)subscribe, modify options or view archives go to:
<a target="_blank" rel="noopener noreferrer" href="http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe">http:/<wbr/>/<wbr/>mail.<wbr/>haskell.<wbr/>org/<wbr/>cgi-bin/<wbr/>mailman/<wbr/>listinfo/<wbr/>haskell-cafe</a>
Only members subscribed via the mailman list are allowed to post.
</p></blockquote></blockquote><p class="sh-color-black sh-color">
-- 
<br/>
Hécate <img src="https://emojis.superhuman.com/2728.png" alt="✨" title="✨" style="height: 15px !important; width: 15px !important; vertical-align: text-bottom !important;" height="15" width="15"/>
<br/>
<img src="https://emojis.superhuman.com/1F426.png" alt="🐦" title="🐦" style="height: 15px !important; width: 15px !important; vertical-align: text-bottom !important;" height="15" width="15"/>: @TechnoEmpress
<br/>
IRC: Hecate
<br/>
WWW: <a target="_blank" rel="noopener noreferrer" href="https://glitchbra.in/">https:/<wbr/>/<wbr/>glitchbra.<wbr/>in</a>
<br/>
RUN: BSD
</p><p class="sh-color-black sh-color">
_______________________________________________
<br/>
Haskell-Cafe mailing list
<br/>
To (un)subscribe, modify options or view archives go to:
<a target="_blank" rel="noopener noreferrer" href="http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe">http:/<wbr/>/<wbr/>mail.<wbr/>haskell.<wbr/>org/<wbr/>cgi-bin/<wbr/>mailman/<wbr/>listinfo/<wbr/>haskell-cafe</a>
Only members subscribed via the mailman list are allowed to post.</p></div></div></blockquote></div></div><br/></div></div></body></html>