RHSA-2007:0860-01 Moderate: tar security update

Eric Blake ebb9@byu.net
Fri Aug 24 12:31:00 GMT 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

According to Corinna Vinschen on 8/24/2007 1:56 AM:
> Hi Eric,
> 
> does that apply to Cygwin's tar, too?
> 
> http://www.linuxcompatible.org/RHSA-20070860-01_Moderate_tar_security_update_p94768.html

Thanks for the heads up.  Yes, cygwin is vulnerable, too (although since
cygwin doesn't handle .. quite according to POSIX, the vulnerability is
slightly different).  New tar upload coming soon to a mirror near you.

- --
Don't work too hard, make some time for fun as well!

Eric Blake             ebb9@byu.net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Cygwin)
Comment: Public key at home.comcast.net/~ericblake/eblake.gpg
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGzs+K84KuGfSFAYARAt0TAJ45dzEv80jEvq6apv98vDbjEi7FMwCaArvV
Jgxnc7wQHF9MFEJeoR184L0=
=FqCW
-----END PGP SIGNATURE-----



More information about the Cygwin-apps mailing list