* Updated: bzip2-1.0.3-1, libbz2_1-1.0.3-1
@ 2005-07-09 5:32 Charles Wilson
0 siblings, 0 replies; only message in thread
From: Charles Wilson @ 2005-07-09 5:32 UTC (permalink / raw)
To: cygwin-announce
bzip2 provides the bzip2.exe / bunzip2.exe executables, a
patent-unencumbered but highly effective compression tool.
CHANGES:
Routine update to upstream version 1.0.3
Addresses security issue CAN-2005-1260 "bzip2 allows remote attackers to
cause a denial of service (hard drive consumption) via a crafted bzip2
file that causes an infinite loop (a.k.a "decompression bomb")."
Addresses security issue CAN-2005-0953 "Race condition in bzip2 1.0.2
and earlier allows local users to modify permissions of arbitrary files
via a hard link attack on a file while it is being decompressed, whose
permissions are changed by bzip2 after the decompression is complete."
--
Charles Wilson
bzip2 volunteer maintainer for cygwin
To update your installation, click on the "Install Cygwin now" link on
the http://cygwin.com/ web page. This downloads setup.exe to your
system. Then, run setup and answer all of the questions.
*** CYGWIN-ANNOUNCE UNSUBSCRIBE INFO ***
If you want to unsubscribe from the cygwin-announce mailing list, look
at the "List-Unsubscribe: " tag in the email header of this message.
Send email to the address specified there. It will be in the format:
cygwin-announce-unsubscribe-you=yourdomain.com@cygwin.com
If you need more information on unsubscribing, start reading here:
http://sources.redhat.com/lists.html#unsubscribe-simple
Please read *all* of the information on unsubscribing that is available
starting at the above URL.
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2005-07-09 5:32 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2005-07-09 5:32 Updated: bzip2-1.0.3-1, libbz2_1-1.0.3-1 Charles Wilson
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).