From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 59025 invoked by alias); 29 Jan 2016 20:11:54 -0000 Mailing-List: contact cygwin-apps-help@cygwin.com; run by ezmlm Precedence: bulk Sender: cygwin-apps-owner@cygwin.com List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Mail-Followup-To: cygwin-apps@cygwin.com Received: (qmail 59011 invoked by uid 89); 29 Jan 2016 20:11:54 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=1.1 required=5.0 tests=BAYES_50,KAM_LAZY_DOMAIN_SECURITY,RCVD_IN_DNSWL_LOW autolearn=no version=3.3.2 spammy=smoothly, vulnerability, H*RU:sk:BAY004-, Hx-spam-relays-external:sk:BAY004- X-HELO: BAY004-OMC4S18.hotmail.com Received: from bay004-omc4s18.hotmail.com (HELO BAY004-OMC4S18.hotmail.com) (65.54.190.220) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with (AES256-SHA256 encrypted) ESMTPS; Fri, 29 Jan 2016 20:11:53 +0000 Received: from BAY169-W135 ([65.54.190.200]) by BAY004-OMC4S18.hotmail.com over TLS secured channel with Microsoft SMTPSVC(7.5.7601.23008); Fri, 29 Jan 2016 12:11:51 -0800 X-TMN: [eL6KLiFpOV1cFQtYujURlQe8ehaZsOM+] Message-ID: From: Tony Kelman To: "cygwin-apps@cygwin.com" Subject: RE: [SECURITY] p7zip: CVE-2015-1038 Date: Fri, 29 Jan 2016 20:11:00 -0000 In-Reply-To: <56AB9A3F.3040808@cygwin.com> References: <56AB9A3F.3040808@cygwin.com> Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-IsSubscribed: yes X-SW-Source: 2016-01/txt/msg00058.txt.bz2 > Tony, > > A directory traversal vulnerability has been reported in p7zip-15.09. > Could you please spin a new release with the following patch: > > http://pkgs.fedoraproject.org/cgit/rpms/p7zip.git/plain/p7zip-15.09-CVE-2= 015-1038.patch > > -- > Yaakov Ack, will do today. Need to copy my ssh keys over to a new laptop, hopefull= y that will go smoothly and I've got all the build-deps installed. -Tony =20=09=09=20=09=20=20=20=09=09=20=20