This is the mail archive of the
cygwin-apps
mailing list for the Cygwin project.
Re: RHSA-2007:0860-01 Moderate: tar security update
- From: Eric Blake <ebb9 at byu dot net>
- To: cygwin-apps at cygwin dot com
- Date: Fri, 24 Aug 2007 06:31:06 -0600
- Subject: Re: RHSA-2007:0860-01 Moderate: tar security update
- References: <20070824075619.GR23854@calimero.vinschen.de>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
According to Corinna Vinschen on 8/24/2007 1:56 AM:
> Hi Eric,
>
> does that apply to Cygwin's tar, too?
>
> http://www.linuxcompatible.org/RHSA-20070860-01_Moderate_tar_security_update_p94768.html
Thanks for the heads up. Yes, cygwin is vulnerable, too (although since
cygwin doesn't handle .. quite according to POSIX, the vulnerability is
slightly different). New tar upload coming soon to a mirror near you.
- --
Don't work too hard, make some time for fun as well!
Eric Blake ebb9@byu.net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Cygwin)
Comment: Public key at home.comcast.net/~ericblake/eblake.gpg
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFGzs+K84KuGfSFAYARAt0TAJ45dzEv80jEvq6apv98vDbjEi7FMwCaArvV
Jgxnc7wQHF9MFEJeoR184L0=
=FqCW
-----END PGP SIGNATURE-----