Date: Sun, 1 Oct 2000 15:55:50 -0700
Subject: ITS4 version 1.1 released
To: BUGTRAQ@SECURITYFOCUS.COM

Version 1.1 of ITS4, the C/C++ source code security scanner, has been
released. It is available from http://www.cigital.com/its4

Major changes include:

- Added handlers for format string attacks, along w/ some supporting code.

- Support was added to integrate ITS4 with the Visual Studio GUI.
  Directions are in the INSTALL file. Thanks to Bob Fleck
  (rfleck@cigital.com) for this contribution.

- By default, identifiers with the same names as "bad" functions are not
  flagged, even though there is a slight chance that macro magic could be
  hiding a real problem. If you want the old behavior, use the flag
  "--paranoid".

- Fixed a bug that redefined __cplusplus for most Solaris users without a
  getopt_long (Reported by lots and lots of people... thanks, all!).

- Fixed several small bugs that probably have no impact on most users.
  The most important is that numbers are parsed as if ITS4 is a
  preprocessor, not a C parser. This helps ITS4 address many language
  extensions without choking (but not all).

- Reliable Software Technologies changed its name to Cigital, Inc. The
  documentation and license have been modified to reflect this change.

I also switched the signing key to my GPG key, which can be looked up on
most major keyservers. The digital signature for the release is
available at:

http://www.cigital.com/its4/jviega/its4-1.1.tgz.asc

John
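Added example, not part of the original post and not ITS4's own code: the difference between lexing numbers the way a preprocessor does (the ISO C "pp-number" rule) and the way a strict C89 parser does, which is why the former survives compiler-specific literals. The function names `pp_number_len` and `is_c89_integer` and the sample literals are constructed for this illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Length of the preprocessing number (ISO C "pp-number") at the start of s,
   or 0 if none starts there: optional '.', one digit, then any run of
   letters, digits, '_' and '.', plus a sign directly after e, E, p or P. */
size_t pp_number_len(const char *s)
{
    size_t i = 0;
    if (s[i] == '.') i++;
    if (!isdigit((unsigned char)s[i])) return 0;
    for (i++;; i++) {
        unsigned char c = (unsigned char)s[i];
        if ((c == '+' || c == '-') && strchr("eEpP", s[i - 1])) continue;
        if (!isalnum(c) && c != '_' && c != '.') break;
    }
    return i;
}

/* Strict view: is t[0..n) exactly a C89 integer constant, i.e. decimal,
   octal or hex digits followed by at most one 'u' and one 'l' (any case)? */
int is_c89_integer(const char *t, size_t n)
{
    size_t i = 0;
    int u = 0, l = 0;
    if (n > 2 && t[0] == '0' && (t[1] == 'x' || t[1] == 'X')) {
        for (i = 2; i < n && isxdigit((unsigned char)t[i]); i++) ;
    } else {
        int oct = (n > 0 && t[0] == '0');   /* leading 0 means octal digits */
        while (i < n && isdigit((unsigned char)t[i]) && !(oct && t[i] > '7')) i++;
        if (i == 0) return 0;
    }
    for (; i < n; i++) {                    /* whatever is left must be a suffix */
        int c = tolower((unsigned char)t[i]);
        if (c == 'u' && !u) u = 1;
        else if (c == 'l' && !l) l = 1;
        else return 0;
    }
    return 1;
}

int main(void)
{
    /* Constructed samples: two standard constants, then an MSVC suffix,
       a GCC binary literal and a long long suffix (extensions to C89). */
    const char *samples[] = { "0x10", "42UL", "1i64", "0b1010", "100LL" };
    for (size_t k = 0; k < sizeof samples / sizeof *samples; k++) {
        size_t n = pp_number_len(samples[k]);
        printf("%-7s pp-number length %zu, strict C89 integer: %s\n",
               samples[k], n, is_c89_integer(samples[k], n) ? "yes" : "no");
    }
    return 0;
}
```

A scanner that only needs token boundaries can take the pp-number length and move on, while one that validates each constant has to stop at every extension it does not know.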