Updated: bzip2-1.0.3-1, libbz2_1-1.0.3-1

Charles Wilson cygwin@cwilson.fastmail.fm
Sat Jul 9 05:32:00 GMT 2005

bzip2 provides the bzip2.exe / bunzip2.exe executables, a 
patent-unencumbered but highly effective compression tool.


Routine update to upstream version 1.0.3

Addresses security issue CAN-2005-1260 "bzip2 allows remote attackers to 
cause a denial of service (hard drive consumption) via a crafted bzip2 
file that causes an infinite loop (a.k.a "decompression bomb")."

Addresses security issue CAN-2005-0953 "Race condition in bzip2 1.0.2 
and earlier allows local users to modify permissions of arbitrary files 
via a hard link attack on a file while it is being decompressed, whose 
permissions are changed by bzip2 after the decompression is complete."

Charles Wilson
bzip2 volunteer maintainer for cygwin

To update your installation, click on the "Install Cygwin now" link on
the http://cygwin.com/ web page.  This downloads setup.exe to your
system.  Then, run setup and answer all of the questions.


If you want to unsubscribe from the cygwin-announce mailing list, look
at the "List-Unsubscribe: " tag in the email header of this message.
Send email to the address specified there.  It will be in the format:


If you need more information on unsubscribing, start reading here:


Please read *all* of the information on unsubscribing that is available
starting at the above URL.

More information about the Cygwin-announce mailing list