This is the mail archive of the cygwin-apps mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: RHSA-2007:0860-01 Moderate: tar security update


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

According to Corinna Vinschen on 8/24/2007 1:56 AM:
> Hi Eric,
> 
> does that apply to Cygwin's tar, too?
> 
> http://www.linuxcompatible.org/RHSA-20070860-01_Moderate_tar_security_update_p94768.html

Thanks for the heads up.  Yes, cygwin is vulnerable, too (although since
cygwin doesn't handle .. quite according to POSIX, the vulnerability is
slightly different).  New tar upload coming soon to a mirror near you.

- --
Don't work too hard, make some time for fun as well!

Eric Blake             ebb9@byu.net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Cygwin)
Comment: Public key at home.comcast.net/~ericblake/eblake.gpg
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGzs+K84KuGfSFAYARAt0TAJ45dzEv80jEvq6apv98vDbjEi7FMwCaArvV
Jgxnc7wQHF9MFEJeoR184L0=
=FqCW
-----END PGP SIGNATURE-----


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]