From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 9939 invoked by alias); 1 Nov 2012 21:46:44 -0000 Received: (qmail 9897 invoked by uid 22791); 1 Nov 2012 21:46:39 -0000 X-SWARE-Spam-Status: No, hits=-4.8 required=5.0 tests=AWL,BAYES_00,DKIM_SIGNED,DKIM_VALID,FREEMAIL_FROM,KHOP_RCVD_TRUST,RCVD_IN_DNSWL_LOW,RCVD_IN_HOSTKARMA_YE X-Spam-Check-By: sourceware.org Received: from mail-ie0-f171.google.com (HELO mail-ie0-f171.google.com) (209.85.223.171) by sourceware.org (qpsmtpd/0.43rc1) with ESMTP; Thu, 01 Nov 2012 21:46:31 +0000 Received: by mail-ie0-f171.google.com with SMTP id s9so4479977iec.2 for ; Thu, 01 Nov 2012 14:46:30 -0700 (PDT) Received: by 10.43.57.5 with SMTP id we5mr35583480icb.23.1351806390377; Thu, 01 Nov 2012 14:46:30 -0700 (PDT) Received: from [192.168.0.100] (S0106000cf16f58b1.wp.shawcable.net. [24.79.200.150]) by mx.google.com with ESMTPS id b13sm431595igp.7.2012.11.01.14.46.29 (version=TLSv1/SSLv3 cipher=OTHER); Thu, 01 Nov 2012 14:46:29 -0700 (PDT) Message-ID: <1351806394.10968.11.camel@YAAKOV04> Subject: [SECURITY] mcrypt From: "Yaakov (Cygwin/X)" To: cygwin-apps Date: Thu, 01 Nov 2012 21:46:00 -0000 Content-Type: text/plain; charset="UTF-8" Mime-Version: 1.0 Content-Transfer-Encoding: 7bit Mailing-List: contact cygwin-apps-help@cygwin.com; run by ezmlm Precedence: bulk Sender: cygwin-apps-owner@cygwin.com List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Mail-Followup-To: cygwin-apps@cygwin.com X-SW-Source: 2012-11/txt/msg00005.txt.bz2 Dr. Volker Zell, Security vulnerabilities (CVE-2012-4409, CVE-2012-4527) have been reported for the mcrypt package. Please rebuild 2.6.8 with the following patches: http://pkgs.fedoraproject.org/cgit/mcrypt.git/plain/mcrypt-CVE-2012-4409.patch http://pkgs.fedoraproject.org/cgit/mcrypt.git/plain/mcrypt-CVE-2012-4527-80-width-patch There are other patches in that git repo that you may wish to consider adding as well, if you haven't already. Thanks, Yaakov