bug in unshar
Corinna Vinschen
corinna-cygwin@cygwin.com
Mon Sep 5 10:03:00 GMT 2005
On Aug 30 07:07, Eric Blake wrote:
> unshar 4.4 coredumps due to an uninitialized variable [1], (not to mention
> it executes arbitrary shell code, which can be considered a security
> flaw[2], but that is inherent in the design of shar rather than something
> patchable in code). Since it has been close to a month since cygwin
> sharutils-4.4-1 was released, nobody is using unshar very much :)
>
> Upstream is about to release 4.5.2, but even 4.5.2-pre1 core dumps due to
> the refactoring of unshar to get rid of the uninitialized variable.
> Corinna, since shar and tar are functionally related (both create
> archives), would you like it if I took over maintainership of sharutils,
> to leave you more time with cygwin itself?
Sure, go ahead! Thanks for the offer.
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Project Co-Leader mailto:cygwin@cygwin.com
Red Hat, Inc.