bug in unshar

Corinna Vinschen corinna-cygwin@cygwin.com
Mon Sep 5 10:03:00 GMT 2005


On Aug 30 07:07, Eric Blake wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> unshar 4.4 coredumps due to an uninitialized variable [1], (not to mention
> it executes arbitrary shell code, which can be considered a security
> flaw[2], but that is inherent in the design of shar rather than something
> patchable in code).  Since it has been close to a month since cygwin
> sharutils-4.4-1 was released, nobody is using unshar very much :)
> 
> Upstream is about to release 4.5.2, but even 4.5.2-pre1 core dumps due to
> the refactoring of unshar to get rid of the uninitialized variable.
> Corinna, since shar and tar are functionally related (both create
> archives), would you like it if I took over maintainership of sharutils,
> to leave you more time with cygwin itself?

Sure, go ahead!  Thanks for the offer.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          mailto:cygwin@cygwin.com
Red Hat, Inc.
