From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 89730 invoked by alias); 25 Jan 2017 14:07:36 -0000 Mailing-List: contact cygwin-announce-help@cygwin.com; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-announce-owner@cygwin.com Reply-To: The Cygwin Mailing List Mail-Followup-To: cygwin-announce@cygwin.com Received: (qmail 4476 invoked by uid 89); 25 Jan 2017 13:29:34 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=1.1 required=5.0 tests=BAYES_50,KAM_LAZY_DOMAIN_SECURITY,RCVD_IN_DNSWL_LOW autolearn=no version=3.3.2 spammy=H*r:smtp, SECURITY, 4.5.0, screendevel X-HELO: resqmta-ch2-06v.sys.comcast.net From: Andrew Schulman To: cygwin-announce@cygwin.com Subject: [SECURITY] don't use screen 4.5.0-1 Date: Wed, 25 Jan 2017 14:07:00 -0000 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable X-Archive: encrypt X-CMAE-Envelope: MS4wfOvBo+wYyVXtXUDEwGLgdS5BTh0PbKe8w0klMlGwOuxsFFybcdEIKXDFbJQuX0mO0uzuIfJQkWB6IEfqQ9tbkFC1FOtoKjryQMdTv77217cjY7vAWgBG 6dpIcV3CMggTOJTg7toOS4RyvssGKcUgJbrurZabN374TJT9X0It7MEkBvvZHQhMnsuSz9iJevd0ww== X-SW-Source: 2017-01/txt/msg00043.txt.bz2 I recently updated the screen package in Cygwin to version 4.5.0-1. This ve= rsion turns out to have at least one security problem [1], and maybe other serious bugs too. So I've asked for it to be removed from the Cygwin archives. If you've installed screen 4.5.0-1, you should downgrade to the previous release, 4.4.0-1. A new release that fixes the problems in 4.5.0 is expecte= d out next month. Andrew [1] http://lists.gnu.org/archive/html/screen-devel/2017-01/msg00025.html