X-Recipient: archive-cygwin AT delorie DOT com X-SWARE-Spam-Status: No, hits=0.8 required=5.0 tests=BAYES_50,RCVD_IN_DNSWL_NONE X-Spam-Check-By: sourceware.org Message-ID: <4D2C425B.8070401@x-ray.at> Date: Tue, 11 Jan 2011 12:43:23 +0100 From: Reini Urban User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.1.16) Gecko/20101123 SeaMonkey/2.0.11 MIME-Version: 1.0 To: Cygwin List CC: cygwin AT cwilson DOT fastmail DOT fm Subject: bzip2 update please Content-Type: text/plain; charset=ISO-8859-15; format=flowed Content-Transfer-Encoding: 7bit X-IsSubscribed: yes Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Dear bzip2 maintainer (Charles), 1.0.6 is required against the CVE-2010-0405 decompression attack. See http://bzip.org/ and http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0405 Did Yaakov overlook this? Normally he's the one bugging first. clamav had a configure check for this. -- Reini Urban http://phpwiki.org/ http://murbreak.at/ -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple