[SECURITY] cygwin32-expat, mingw64-$arch-expat, etc.
Warren Young
wyml@etr-usa.com
Wed Mar 16 20:50:00 GMT 2016
On Mar 16, 2016, at 2:32 PM, Yaakov Selkowitz <yselkowitz@cygwin.com> wrote:
>
> On 2016-03-16 14:28, Warren Young wrote:
>> expat 2.1.1 fixes MEDIUM-rated CVE-2015-1283. I’ve uploaded the regular
>> expat 2.1.1 packages, but the cross-development packages maintained by
>> Yaakov are all at 2.1.0. Some appear to have 2.1.1 alternate versions available
>
> mingw64-*-expat were updated to 2.1.1 a few days ago already.
Might I ask how you even learned that a newer version was available? The expat project doesn’t have mailing lists any more. I was contacted by one of the upstream maintainers, which seems a bit back-channel to me.
I assume that someone who maintains so many packages has a better way to keep on top of which packages need to be updated.
More information about the Cygwin-apps
mailing list