Vulnerability in SAS7BCAT reader

[MichaelChirico]

Surfacing this security issue here in case (1) anyone is keen to fix it and (2) as a flag to update the bundled sources once a fix is available.

WizardMac/ReadStat#299

[MichaelChirico]

FYI: there is a patch upstream:

WizardMac/ReadStat#303

Not clear how long it will take for that to be merged, so a cherry-pick may be prudent.

[gorcha]

Hi @MichaelChirico, thanks for the heads up!

Our preference is to wait for the changes to be made upstream so we don't diverge too much, but I'll keep this in mind next time we have changes to the readstat code.

[gorcha]

Confirming this fix was merged in to haven with the readstat update in a0e046f