HEADSUP: pcre security announcement
Corinna Vinschen
corinna-cygwin@cygwin.com
Mon Sep 5 09:47:00 GMT 2005
Two weeks and no response. Unfortunately we have this security issue
and also a couple of packages relying on libpcre. So we would need either
a quick response from Ronald or somebody willing to take over the package
fairly quickly.
Anybody, please?
On Aug 22 21:34, Corinna Vinschen wrote:
> Ronald,
>
> I just found out about the following security advisory:
>
> http://www.securitytracker.com/alerts/2005/Aug/1014744.html
>
> "PCRE Heap Overflow May Let Users Execute Arbitrary Code"
>
> This is a vulnerability up to PCRE version 6.1. I just realized that
> your latest PCRE update is from 2003-12-15, version 4.5. Could you
> please look into this and update PCRE to the latest version 6.3?
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Project Co-Leader mailto:cygwin@cygwin.com
Red Hat, Inc.
More information about the Cygwin-apps
mailing list