public inbox for cygwin-apps@cygwin.com
 help / color / mirror / Atom feed
* [SECURITY] arc
@ 2015-02-18  2:07 Yaakov Selkowitz
  2015-02-19 10:19 ` [SECURITY] arc 5.21p-1 (UPLOADED) Jari Aalto
  0 siblings, 1 reply; 3+ messages in thread
From: Yaakov Selkowitz @ 2015-02-18  2:07 UTC (permalink / raw)
  To: cygwin-apps; +Cc: Jari Aalto

Jari,

A directory traversal vulnerability has been found in arc.  Please add
the following patches to the arc package ASAP:

http://pkgs.fedoraproject.org/cgit/arc.git/plain/arc-5.21p-hdrv1-read-fix.patch
http://pkgs.fedoraproject.org/cgit/arc.git/plain/arc-5.21p-fix-arcdie.patch
http://pkgs.fedoraproject.org/cgit/arc.git/plain/arc-5.21p-directory-traversel.patch

BTW there are also some documentation patches in that repo which you may
wish to consider adding.

TIA,

Yaakov


^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [SECURITY] arc 5.21p-1 (UPLOADED)
  2015-02-18  2:07 [SECURITY] arc Yaakov Selkowitz
@ 2015-02-19 10:19 ` Jari Aalto
  2015-02-19 17:10   ` Yaakov Selkowitz
  0 siblings, 1 reply; 3+ messages in thread
From: Jari Aalto @ 2015-02-19 10:19 UTC (permalink / raw)
  To: Yaakov Selkowitz; +Cc: cygwin-apps

2015-02-18 04:06 Yaakov Selkowitz <yselkowitz@cygwin.com>:
| Jari,
|
| A directory traversal vulnerability has been found in arc.  Please add
| the following patches to the arc package ASAP:

Uploaded both 5.21p-2 and 5.21q-1 with patches included.
Jari

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [SECURITY] arc 5.21p-1 (UPLOADED)
  2015-02-19 10:19 ` [SECURITY] arc 5.21p-1 (UPLOADED) Jari Aalto
@ 2015-02-19 17:10   ` Yaakov Selkowitz
  0 siblings, 0 replies; 3+ messages in thread
From: Yaakov Selkowitz @ 2015-02-19 17:10 UTC (permalink / raw)
  To: cygwin-apps

On Thu, 2015-02-19 at 12:19 +0200, Jari Aalto wrote:
> 2015-02-18 04:06 Yaakov Selkowitz:
> | A directory traversal vulnerability has been found in arc.  Please add
> | the following patches to the arc package ASAP:
> 
> Uploaded both 5.21p-2 and 5.21q-1 with patches included.

Thanks,

Yaakov


^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2015-02-19 17:10 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-02-18  2:07 [SECURITY] arc Yaakov Selkowitz
2015-02-19 10:19 ` [SECURITY] arc 5.21p-1 (UPLOADED) Jari Aalto
2015-02-19 17:10   ` Yaakov Selkowitz

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).