Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Date: Mon, 5 Sep 2005 12:03:30 +0200 From: Corinna Vinschen To: cygwin AT cygwin DOT com Subject: Re: bug in unshar Message-ID: <20050905100330.GA23702@calimero.vinschen.de> Reply-To: cygwin AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com References: <43145A16 DOT 7040007 AT byu DOT net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <43145A16.7040007@byu.net> User-Agent: Mutt/1.4.2i On Aug 30 07:07, Eric Blake wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > unshar 4.4 coredumps due to an unitialized variable [1], (not to mention > it executes arbirary shell code, which can be considered a security > flaw[2], but that is inherent in the design of shar rather than something > patchable in code). Since it has been close to a month since cygwin > sharutils-4.4-1 was released, nobody is using unshar very much :) > > Upstream is about to release 4.5.2, but even 4.5.2-pre1 core dumps due to > the refactoring of unshar to get rid of the uninitialized variable. > Corinna, since shar and tar are functionally related (both create > archives), would you like it if I took over maintainership of sharutils, > to leave you more time with cygwin itself? Sure, go ahead! Thanks for the offer. Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Project Co-Leader mailto:cygwin AT cygwin DOT com Red Hat, Inc. -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/