Mail Archives: cygwin/2005/08/30/09:07:51
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
unshar 4.4 coredumps due to an unitialized variable [1], (not to mention
it executes arbirary shell code, which can be considered a security
flaw[2], but that is inherent in the design of shar rather than something
patchable in code). Since it has been close to a month since cygwin
sharutils-4.4-1 was released, nobody is using unshar very much :)
Upstream is about to release 4.5.2, but even 4.5.2-pre1 core dumps due to
the refactoring of unshar to get rid of the uninitialized variable.
Corinna, since shar and tar are functionally related (both create
archives), would you like it if I took over maintainership of sharutils,
to leave you more time with cygwin itself?
[1]http://lists.gnu.org/archive/html/bug-gnu-utils/2005-07/msg00101.html
[2]http://lists.gnu.org/archive/html/bug-gnu-utils/2005-07/msg00102.html
- --
Life is short - so eat dessert first!
Eric Blake ebb9 AT byu DOT net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Cygwin)
Comment: Public key at home.comcast.net/~ericblake/eblake.gpg
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFDFFoW84KuGfSFAYARAv5PAKCOo6DGtbnTGGNzEhFgV55AL3H11gCfYzlw
senjOoP07w8oTgWfVYeZU1A=
=mmwN
-----END PGP SIGNATURE-----
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
- Raw text -