Updated: bzip2-1.0.3-1, libbz2_1-1.0.3-1
Sat Jul 9 05:32:00 GMT 2005
bzip2 provides the bzip2.exe / bunzip2.exe executables, a
patent-unencumbered but highly effective compression tool.
Routine update to upstream version 1.0.3
Addresses security issue CAN-2005-1260 "bzip2 allows remote attackers to
cause a denial of service (hard drive consumption) via a crafted bzip2
file that causes an infinite loop (a.k.a "decompression bomb")."
Addresses security issue CAN-2005-0953 "Race condition in bzip2 1.0.2
and earlier allows local users to modify permissions of arbitrary files
via a hard link attack on a file while it is being decompressed, whose
permissions are changed by bzip2 after the decompression is complete."
bzip2 volunteer maintainer for cygwin
To update your installation, click on the "Install Cygwin now" link on
the http://cygwin.com/ web page. This downloads setup.exe to your
system. Then, run setup and answer all of the questions.
*** CYGWIN-ANNOUNCE UNSUBSCRIBE INFO ***
If you want to unsubscribe from the cygwin-announce mailing list, look
at the "List-Unsubscribe: " tag in the email header of this message.
Send email to the address specified there. It will be in the format:
If you need more information on unsubscribing, start reading here:
Please read *all* of the information on unsubscribing that is available
starting at the above URL.
More information about the Cygwin-announce