From: Charles Wilson <cygwin@cwilson.fastmail.fm>
To: cygwin-announce@cygwin.com
Subject: Updated: mingw-bzip2-1.0.3-1, mingw-libbz2_1-1.0.3-1
Date: Sat, 09 Jul 2005 05:32:00 -0000 [thread overview]
Message-ID: <42CF6120.9080200@cwilson.fastmail.fm> (raw)
The mingw-bzip2 package has been updated to version 1.0.3-1.
mingw-bzip2 provides the static library, DLL import library, and header
files for building non-cygwin applications (like setup.exe) which need
access to bzip2 compression algorithms. mingw-libbz2_1 provides the
corresponding DLL.
These libraries are built using the standard windows runtime library and
NOT cygwin; it is used by setup.exe among other tools. No executables
(like bzip2.exe) are provided by these packages. Use the cygwin
versions instead, or go to the bzip2 homepage at http://www.bzip2.org/
for native windows executables.
CHANGES:
Routine update to upstream version 1.0.3
Addresses security issue CAN-2005-1260 "bzip2 allows remote attackers to
cause a denial of service (hard drive consumption) via a crafted bzip2
file that causes an infinite loop (a.k.a "decompression bomb")."
Addresses security issue CAN-2005-0953 "Race condition in bzip2 1.0.2
and earlier allows local users to modify permissions of arbitrary files
via a hard link attack on a file while it is being decompressed, whose
permissions are changed by bzip2 after the decompression is complete."
--
Chuck
To update your installation, click on the "Install Cygwin now" link on
the http://cygwin.com/ web page. This downloads setup.exe to your
system. Then, run setup and answer all of the questions.
*** CYGWIN-ANNOUNCE UNSUBSCRIBE INFO ***
If you want to unsubscribe from the cygwin-announce mailing list, look
at the "List-Unsubscribe: " tag in the email header of this message.
Send email to the address specified there. It will be in the format:
cygwin-announce-unsubscribe-you=yourdomain.com@cygwin.com
If you need more information on unsubscribing, start reading here:
http://sources.redhat.com/lists.html#unsubscribe-simple
Please read *all* of the information on unsubscribing that is available
starting at the above URL.
reply other threads:[~2005-07-09 5:32 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=42CF6120.9080200@cwilson.fastmail.fm \
--to=cygwin@cwilson.fastmail.fm \
--cc=cygwin-announce@cygwin.com \
--cc=cygwin@cygwin.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).