The latest version of POCO 1.7.2 release has been announced. POCO is a set of open source C++ class libraries used for building networking and Internet applications. This library is cross platform ideal for developing from Desktop and Server computing environments to Mobile and Embedded Devices.
This version is a Common Vulnerabilities and Exposures (CVE) bug fix release which allows a remote attacker to cause a denial of service (DOS) (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data.
In addition to the CVE fix, POCO 1.7.2 comes with an updated bundled SQLite library to version 3.11.1. There is a bug fix in Poco::Data::RecordSet. The bundled expat XML library has been upgraded to version 2.1.1.
You can head over to the download page to get the latest copy of this library.
Ref:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1283
https://raw.githubusercontent.com/pocoproject/poco/poco-1.7.2-release/CHANGELOG
Found this article interesting? Follow Brightwhiz on Facebook, Twitter, and YouTube to read and watch more content we post.