From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 88269 invoked by alias); 2 Jun 2015 22:00:59 -0000 Mailing-List: contact cygwin-apps-help@cygwin.com; run by ezmlm Precedence: bulk Sender: cygwin-apps-owner@cygwin.com List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Mail-Followup-To: cygwin-apps@cygwin.com Received: (qmail 88251 invoked by uid 89); 2 Jun 2015 22:00:58 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-1.0 required=5.0 tests=AWL,BAYES_00,KAM_LAZY_DOMAIN_SECURITY,SPF_HELO_PASS autolearn=no version=3.3.2 X-HELO: mx1.redhat.com Received: from mx1.redhat.com (HELO mx1.redhat.com) (209.132.183.28) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with (AES256-GCM-SHA384 encrypted) ESMTPS; Tue, 02 Jun 2015 22:00:57 +0000 Received: from int-mx09.intmail.prod.int.phx2.redhat.com (int-mx09.intmail.prod.int.phx2.redhat.com [10.5.11.22]) by mx1.redhat.com (Postfix) with ESMTPS id 6237C19F215 for ; Tue, 2 Jun 2015 22:00:56 +0000 (UTC) Received: from YAAKOV04.redhat.com ([10.10.116.18]) by int-mx09.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id t52M0sx2028668 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Tue, 2 Jun 2015 18:00:55 -0400 Message-ID: <1433282453.8324.95.camel@cygwin.com> Subject: [SECURITY] less From: Yaakov Selkowitz To: "cygwin-apps@cygwin.com" Date: Tue, 02 Jun 2015 22:00:00 -0000 Content-Type: text/plain; charset="UTF-8" Mime-Version: 1.0 Content-Transfer-Encoding: 7bit X-IsSubscribed: yes X-SW-Source: 2015-06/txt/msg00027.txt.bz2 Marco, An OOB vulnerability has been discovered in less; could you please update to 471 plus this patch: http://pkgs.fedoraproject.org/cgit/less.git/plain/less-471-out_of_bounds_read.patch There are other patches in that repo which you may wish to consider as well, mostly to do with option handling and documentation thereof. -- Yaakov