This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

bug in unshar


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

unshar 4.4 coredumps due to an unitialized variable [1], (not to mention
it executes arbirary shell code, which can be considered a security
flaw[2], but that is inherent in the design of shar rather than something
patchable in code).  Since it has been close to a month since cygwin
sharutils-4.4-1 was released, nobody is using unshar very much :)

Upstream is about to release 4.5.2, but even 4.5.2-pre1 core dumps due to
the refactoring of unshar to get rid of the uninitialized variable.
Corinna, since shar and tar are functionally related (both create
archives), would you like it if I took over maintainership of sharutils,
to leave you more time with cygwin itself?

[1]http://lists.gnu.org/archive/html/bug-gnu-utils/2005-07/msg00101.html
[2]http://lists.gnu.org/archive/html/bug-gnu-utils/2005-07/msg00102.html

- --
Life is short - so eat dessert first!

Eric Blake             ebb9@byu.net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Cygwin)
Comment: Public key at home.comcast.net/~ericblake/eblake.gpg
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDFFoW84KuGfSFAYARAv5PAKCOo6DGtbnTGGNzEhFgV55AL3H11gCfYzlw
senjOoP07w8oTgWfVYeZU1A=
=mmwN
-----END PGP SIGNATURE-----

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]