This is the mail archive of the
mailing list for the Cygwin project.
Re: HEADSUP: pcre security announcement
- From: Corinna Vinschen <corinna-cygwin at cygwin dot com>
- To: cygwin-apps at cygwin dot com,Ronald Landheer-Cieslak <blytkerchan at users dot sourceforge dot net>
- Date: Mon, 5 Sep 2005 11:47:09 +0200
- Subject: Re: HEADSUP: pcre security announcement
- References: <20050822193426.GA6246@calimero.vinschen.de>
- Reply-to: cygwin-apps at cygwin dot com
Two weeks and no response. Unfortunately we have this security issue
and also a couple of packages relying on libpcre. So we would need either
a quick response from Ronald or somebody willing to take over the package
On Aug 22 21:34, Corinna Vinschen wrote:
> I just found out about the following security advisory:
> "PCRE Heap Overflow May Let Users Execute Arbitrary Code"
> This is a vulnerability up to PCRE version 6.1. I just realized that
> your latest PCRE update is from 2003-12-15, version 4.5. Could you
> please look into this and update PCRE to the latest version 6.3?
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Project Co-Leader mailto:email@example.com
Red Hat, Inc.