This is the mail archive of the
cygwin-apps
mailing list for the Cygwin project.
Re: [SECURITY] cabextract: CVE-2015-2060
- From: Yaakov Selkowitz <yselkowitz at cygwin dot com>
- To: cygwin-apps at cygwin dot com
- Cc: stuart dot caie at gmail dot com
- Date: Thu, 19 Mar 2015 18:18:37 -0500
- Subject: Re: [SECURITY] cabextract: CVE-2015-2060
- Authentication-results: sourceware.org; auth=none
- References: <1426717367 dot 12464 dot 74 dot camel at cygwin dot com>
On Wed, 2015-03-18 at 17:22 -0500, Yaakov Selkowitz wrote:
> Any chance you could update the Cygwin cabextract package to 1.5 plus
> the fix for CVE-2015-2060 (r217)?
While you're at it, r219 also looks desirable.
BTW, we have libmspack in the distro now, so --with-external-libmspack
would be the way to go to avoid bundling code.
--
Yaakov