Updated: mingw-bzip2-1.0.3-1, mingw-libbz2_1-1.0.3-1
Sat Jul 9 05:32:00 GMT 2005
The mingw-bzip2 package has been updated to version 1.0.3-1.
mingw-bzip2 provides the static library, DLL import library, and header
files for building non-cygwin applications (like setup.exe) which need
access to bzip2 compression algorithms. mingw-libbz2_1 provides the
These libraries are built using the standard windows runtime library and
NOT cygwin; it is used by setup.exe among other tools. No executables
(like bzip2.exe) are provided by these packages. Use the cygwin
versions instead, or go to the bzip2 homepage at http://www.bzip2.org/
for native windows executables.
Routine update to upstream version 1.0.3
Addresses security issue CAN-2005-1260 "bzip2 allows remote attackers to
cause a denial of service (hard drive consumption) via a crafted bzip2
file that causes an infinite loop (a.k.a "decompression bomb")."
Addresses security issue CAN-2005-0953 "Race condition in bzip2 1.0.2
and earlier allows local users to modify permissions of arbitrary files
via a hard link attack on a file while it is being decompressed, whose
permissions are changed by bzip2 after the decompression is complete."
To update your installation, click on the "Install Cygwin now" link on
the http://cygwin.com/ web page. This downloads setup.exe to your
system. Then, run setup and answer all of the questions.
*** CYGWIN-ANNOUNCE UNSUBSCRIBE INFO ***
If you want to unsubscribe from the cygwin-announce mailing list, look
at the "List-Unsubscribe: " tag in the email header of this message.
Send email to the address specified there. It will be in the format:
If you need more information on unsubscribing, start reading here:
Please read *all* of the information on unsubscribing that is available
starting at the above URL.
More information about the Cygwin-announce