| delorie.com/archives/browse.cgi | search |
| X-Recipient: | archive-cygwin AT delorie DOT com |
| DomainKey-Signature: | a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id |
| :list-unsubscribe:list-subscribe:list-archive:list-post | |
| :list-help:sender:reply-to:mime-version:from:date:message-id | |
| :subject:to:content-type; q=dns; s=default; b=Aqb0ZlzJXQPCf8QjQT | |
| DyQQPUkw9avLcMwfsuoUjoheFhf4oTa15Hg1OP2JC3wSLK9QIGJrxhjEdMam4b50 | |
| f+eIffz4ByFcAqOc3i2mBOi7q+duCJMCzMQG5kvUgv1TSYrYkdj4EZITM3ZNfzNn | |
| etT66KZgSyErQGSMqr/X0sr1o= | |
| DKIM-Signature: | v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id |
| :list-unsubscribe:list-subscribe:list-archive:list-post | |
| :list-help:sender:reply-to:mime-version:from:date:message-id | |
| :subject:to:content-type; s=default; bh=zBUUgXQnptyd+KfTC8fEklEs | |
| Zlg=; b=DHMBbheuAJ49LIEwDbaW1r1Ywxq6QTKdldxJkwzbqRGfjfBg0DTeM4NG | |
| CP2MnrvYAs5uJD0ZAHeAVRKJFd/OVRv5raloMcBgBJ/tJGZR9A6Z/4jYiLH/wBlb | |
| 0folsRPIETIjHeTrWGwvQ1mD1IFw7OKkA7TqVm9WyFAqRvWzeUw= | |
| Mailing-List: | contact cygwin-help AT cygwin DOT com; run by ezmlm |
| List-Id: | <cygwin.cygwin.com> |
| List-Subscribe: | <mailto:cygwin-subscribe AT cygwin DOT com> |
| List-Archive: | <http://sourceware.org/ml/cygwin/> |
| List-Post: | <mailto:cygwin AT cygwin DOT com> |
| List-Help: | <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs> |
| Sender: | cygwin-owner AT cygwin DOT com |
| Mail-Followup-To: | cygwin AT cygwin DOT com |
| Delivered-To: | mailing list cygwin AT cygwin DOT com |
| Authentication-Results: | sourceware.org; auth=none |
| X-Virus-Found: | No |
| X-HELO: | localhost.localdomain |
| Reply-To: | cygwin AT cygwin DOT com |
| Authentication-Results: | sourceware.org; auth=none |
| X-Virus-Found: | No |
| X-Spam-SWARE-Status: | No, score=4.9 required=5.0 tests=AWL,BAYES_40,FREEMAIL_FROM,KAM_FROM_URIBL_PCCC,RCVD_IN_DNSWL_LOW,SPF_PASS,UNSUBSCRIBE_BODY autolearn=no version=3.3.2 |
| X-Received: | by 10.229.227.71 with SMTP id iz7mr15256412qcb.0.1427323764259; Wed, 25 Mar 2015 15:49:24 -0700 (PDT) |
| MIME-Version: | 1.0 |
| From: | Kyzer <stuart DOT caie AT gmail DOT com> |
| Date: | Wed, 25 Mar 2015 22:49:04 +0000 |
| Message-Id: | <announce.CAOCY71Dh=N_v9iQxs==UsZBq+mTiojnesx_Gp+PspQcxdJnk1A@mail.gmail.com> |
| Subject: | [ANNOUNCEMENT] Updated: cabextract-1.6-1 |
| To: | cygwin AT cygwin DOT com |
| X-IsSubscribed: | yes |
Version1.6-1 of "cabextract" has been uploaded.
cabextract is a utility for extracting Microsoft Cabinet (.CAB) files
This update fixes a number of security bugs:
* CVE-2014-9556: A CAB file with invalid file offset or length (where
offset + length == 2^32) causes an infinite loop in the Quantum
decoder on 32-bit architectures. [Debian bugs #772891, #773041]
* CVE-2015-2060: A CAB file with overlong UTF-8 encodings for "/" can
get its files extracted to an absolute path instead of the current
directory. [Debian bug #778753]
* On Cygwin, a CAB file using both "/" and "\" can evade checks for
absolute files and "../" directory traversals and can get its files
extracted to any path.
* A CAB file with two folders, the second folder invalid, and a file
decompression order of folder 1, 2, 1, causes execution to jump to
NULL. [Debian bugs #773659, #774665]
* A CAB file with MSZIP-compressed data and a distance code of 30
causes a 1 byte over-read [Debian bug #775498]
* A CAB file with zero-length filenames causes a 1 byte over-read.
* A CAB file with invalid UTF-8 encoded filenames causes over-read of
up to 5 bytes.
* A CAB file with LZX-compressed data ending early during an odd-sized
uncompressed block can cause a 1-byte under-read. [Debian bug #775499]
*** CYGWIN-ANNOUNCE UNSUBSCRIBE INFO ***
If you want to unsubscribe from the cygwin-announce mailing list, look
at the "List-Unsubscribe: " tag in the email header of this message.
Send email to the address specified there. It will be in the format:
cygwin-announce-unsubscribe-you=yourdomain.com <at> cygwin.com
If you need more information on unsubscribing, start reading here:
http://sourceware.org/lists.html#unsubscribe-simple
Please read *all* of the information on unsubscribing that is
available starting at this URL.
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
| webmaster | delorie software privacy |
| Copyright © 2019 by DJ Delorie | Updated Jul 2019 |