On Wed, 2015-03-18 at 17:22 -0500, Yaakov Selkowitz wrote: > Any chance you could update the Cygwin cabextract package to 1.5 plus > the fix for CVE-2015-2060 (r217)? While you're at it, r219 also looks desirable. BTW, we have libmspack in the distro now, so --with-external-libmspack would be the way to go to avoid bundling code. -- Yaakov