X-Recipient: archive-cygwin@delorie.com
X-SWARE-Spam-Status: No, hits=0.8 required=5.0	tests=BAYES_50,RCVD_IN_DNSWL_NONE
X-Spam-Check-By: sourceware.org
Message-ID: <4D2C425B.8070401@x-ray.at>
Date: Tue, 11 Jan 2011 12:43:23 +0100
From: Reini Urban <rurban@x-ray.at>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.1.16) Gecko/20101123 SeaMonkey/2.0.11
MIME-Version: 1.0
To: Cygwin List <cygwin@cygwin.com>
CC: cygwin@cwilson.fastmail.fm
Subject: bzip2 update please
Content-Type: text/plain; charset=ISO-8859-15; format=flowed
Content-Transfer-Encoding: 7bit
X-IsSubscribed: yes
Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe@cygwin.com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin@cygwin.com>
List-Help: <mailto:cygwin-help@cygwin.com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
Delivered-To: mailing list cygwin@cygwin.com

Dear bzip2 maintainer (Charles),
1.0.6 is required against the CVE-2010-0405 decompression attack.

See http://bzip.org/
and http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0405

Did Yaakov overlook this? Normally he's the one bugging first.
clamav had a configure check for this.
-- 
Reini Urban
http://phpwiki.org/  http://murbreak.at/

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple