From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <cygwin-apps-return-34354-listarch-cygwin-apps=sources.redhat.com@cygwin.com>
Received: (qmail 19101 invoked by alias); 9 Apr 2014 04:37:17 -0000
Mailing-List: contact cygwin-apps-help@cygwin.com; run by ezmlm
Precedence: bulk
Sender: cygwin-apps-owner@cygwin.com
List-Id: <cygwin-apps.cygwin.com>
List-Subscribe: <mailto:cygwin-apps-subscribe@cygwin.com>
List-Archive: <http://sourceware.org/ml/cygwin-apps/>
List-Post: <mailto:cygwin-apps@cygwin.com>
List-Help: <mailto:cygwin-apps-help@cygwin.com>, <http://sourceware.org/lists.html#faqs>
Mail-Followup-To: cygwin-apps@cygwin.com
Received: (qmail 19082 invoked by uid 89); 9 Apr 2014 04:37:15 -0000
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-2.7 required=5.0 tests=AWL,BAYES_00,FREEMAIL_FROM,RCVD_IN_DNSWL_LOW,SPF_PASS autolearn=ham version=3.3.2
X-HELO: mail-ie0-f170.google.com
Received: from mail-ie0-f170.google.com (HELO mail-ie0-f170.google.com) (209.85.223.170) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with (AES128-SHA encrypted) ESMTPS; Wed, 09 Apr 2014 04:37:14 +0000
Received: by mail-ie0-f170.google.com with SMTP id rd18so1966945iec.1        for <cygwin-apps@cygwin.com>; Tue, 08 Apr 2014 21:37:12 -0700 (PDT)
X-Received: by 10.50.60.103 with SMTP id g7mr2614997igr.20.1397018232658;        Tue, 08 Apr 2014 21:37:12 -0700 (PDT)
Received: from [192.168.0.101] (S0106000cf16f58b1.wp.shawcable.net. [24.79.212.134])        by mx.google.com with ESMTPSA id pi3sm8590485igb.5.2014.04.08.21.37.09        for <cygwin-apps@cygwin.com>        (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);        Tue, 08 Apr 2014 21:37:10 -0700 (PDT)
Message-ID: <5344CE79.8060104@users.sourceforge.net>
Date: Wed, 09 Apr 2014 04:37:00 -0000
From: "Yaakov (Cygwin/X)" <yselkowitz@users.sourceforge.net>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.4.0
MIME-Version: 1.0
To: cygwin-apps@cygwin.com
Subject: [SECURITY] jbigkit (CVE-2013-6369)
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-SW-Source: 2014-04/txt/msg00033.txt.bz2

Chuck,

A vulnerability has been announced in jbigkit[1][2]; please either 
update to 2.1, or add the following patch to 2.0:

http://pkgs.fedoraproject.org/cgit/jbigkit.git/plain/jbigkit-CVE-2013-6369.patch

TIA,


Yaakov

[1] https://www.cl.cam.ac.uk/~mgk25/jbigkit/CHANGES
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1032273