Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Reply-To: cygwin AT cygwin DOT com
Message-Id: <cygwin.42CF6120.9080200@cwilson.fastmail.fm>
Date: Sat, 09 Jul 2005 01:31:12 -0400
From: Charles Wilson <cygwin AT cwilson DOT fastmail DOT fm>
User-Agent: Mozilla Thunderbird 1.0 (Windows/20041206)
MIME-Version: 1.0
To: cygwin AT cygwin DOT com
Subject: [ANNOUNCEMENT] Updated: mingw-bzip2-1.0.3-1, mingw-libbz2_1-1.0.3-1
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

The mingw-bzip2 package has been updated to version 1.0.3-1. 
mingw-bzip2 provides the static library, DLL import library, and header 
files for building non-cygwin applications (like setup.exe) which need 
access to bzip2 compression algorithms.  mingw-libbz2_1 provides the 
corresponding DLL.

These libraries are built using the standard windows runtime library and 
NOT cygwin; it is used by setup.exe among other tools.  No executables 
(like bzip2.exe) are provided by these packages.  Use the cygwin 
versions instead, or go to the bzip2 homepage at http://www.bzip2.org/ 
for native windows executables.

CHANGES:

Routine update to upstream version 1.0.3

Addresses security issue CAN-2005-1260 "bzip2 allows remote attackers to 
cause a denial of service (hard drive consumption) via a crafted bzip2 
file that causes an infinite loop (a.k.a "decompression bomb")."

Addresses security issue CAN-2005-0953 "Race condition in bzip2 1.0.2 
and earlier allows local users to modify permissions of arbitrary files 
via a hard link attack on a file while it is being decompressed, whose 
permissions are changed by bzip2 after the decompression is complete."


-- 
Chuck


To update your installation, click on the "Install Cygwin now" link on
the http://cygwin.com/ web page.  This downloads setup.exe to your
system.  Then, run setup and answer all of the questions.

               *** CYGWIN-ANNOUNCE UNSUBSCRIBE INFO ***

If you want to unsubscribe from the cygwin-announce mailing list, look
at the "List-Unsubscribe: " tag in the email header of this message.
Send email to the address specified there.  It will be in the format:

cygwin-announce-unsubscribe-you=yourdomain DOT com AT cygwin DOT com

If you need more information on unsubscribing, start reading here:

http://sources.redhat.com/lists.html#unsubscribe-simple

Please read *all* of the information on unsubscribing that is available
starting at the above URL.




--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/