[16986] in bugtraq


ITS4 version 1.1 released

daemon@ATHENA.MIT.EDU (John Viega)
Mon Oct 2 00:12:24 2000

Message-ID:  <20001001155550.A29087@list.org>
Date:         Sun, 1 Oct 2000 15:55:50 -0700
Reply-To: John Viega <viega@LIST.ORG>
From: John Viega <viega@LIST.ORG>
To: BUGTRAQ@SECURITYFOCUS.COM

Version 1.1 of ITS4, the C/C++ source code security scanner, has been
released.  It is available from http://www.cigital.com/its4

Major changes include:

- Added handlers for format string attacks, along w/ some supporting code.
- Support was added to integrate ITS4 with the Visual Studio GUI.
  Directions are in the INSTALL file.  Thanks to Bob Fleck
  (rfleck@cigital.com) for this contribution.
- By default, identifiers with the same names as "bad" functions
  are not flagged, even though there is a slight chance that macro
  magic could be hiding a real problem.  If you want the old behavior,
  use the flag "--paranoid".
- Fixed a bug that redefined __cplusplus for most Solaris users without
  a getopt_long (Reported by lots and lots of people... thanks, all!).
- Fixed several small bugs that probably have no impact on most users.
  The most important is that numbers are parsed as if ITS4 is a
  preprocessor, not a C parser.  This helps ITS4 address many
  language extensions without choking (but not all).
- Reliable Software Technologies changed its name to Cigital, Inc.
  The documentation and license have been modified to reflect this change.

I also switched the signing key to my GPG key, which can be looked up
on most major keyservers.  The digital signature for the release is
available at:

http://www.cigital.com/its4/jviega/its4-1.1.tgz.asc

John