This is the mail archive of the cygwin-apps mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: HEADSUP: pcre security announcement


Two weeks and no response.  Unfortunately we have this security issue
and also a couple of packages relying on libpcre.  So we would need either
a quick response from Ronald or somebody willing to take over the package
fairly quickly.

Anybody, please?


On Aug 22 21:34, Corinna Vinschen wrote:
> Ronald,
> 
> I just found out about the following security advisory:
> 
> http://www.securitytracker.com/alerts/2005/Aug/1014744.html
> 
> "PCRE Heap Overflow May Let Users Execute Arbitrary Code"
> 
> This is a vulnerability up to PCRE version 6.1.  I just realized that
> your latest PCRE update is from 2003-12-15, version 4.5.  Could you
> please look into this and update PCRE to the latest version 6.3?


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          mailto:cygwin@cygwin.com
Red Hat, Inc.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]