This is the mail archive of the cygwin-apps mailing list for the Cygwin project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: SECURITY vulnerabilities update 2007-Sep-25

From: "Reini Urban" <rurban at x-ray dot at>
To: cygwin-apps at cygwin dot com
Date: Thu, 2 Oct 2008 20:12:27 +0200
Subject: Re: SECURITY vulnerabilities update 2007-Sep-25
References: <48DC650B.7040407@users.sourceforge.net>

2008/9/26 Yaakov (Cygwin Ports):
> Unfortunately we haven't made any progress since my last update two
> weeks ago, and now there's a new vulnerability (clamav).

I'm still working on this in my spare time.

1st problem:
configure:16877: result: bugged
configure:16886: WARNING: ****** bzip2 libraries are affected by the
CVE-2008-1372 bug
configure:16888: WARNING: ****** We strongly suggest you to update to
bzip2 1.0.5.
configure:16890: WARNING: ****** Please do not report stability
problems to the ClamAV developers!

But I have libbz2-devel-1.0.5-2

And then there's a minor libtool problem I have to fix on my laptop.
I'm still on a longer business trip.

> clamav
> problem: DoS (CVE-2008-1389/3912/3913/3914)
> solution: bump to 0.94
> info: http://www.gentoo.org/security/en/glsa/glsa-200809-18.xml
-- 
Reini Urban
http://phpwiki.org/              http://murbreak.at/

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]