-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 According to Corinna Vinschen on 8/24/2007 1:56 AM: > Hi Eric, > > does that apply to Cygwin's tar, too? > > http://www.linuxcompatible.org/RHSA-20070860-01_Moderate_tar_security_update_p94768.html
Thanks for the heads up. Yes, cygwin is vulnerable, too (although since cygwin doesn't handle .. quite according to POSIX, the vulnerability is slightly different). New tar upload coming soon to a mirror near you. - -- Don't work too hard, make some time for fun as well! Eric Blake [EMAIL PROTECTED] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (Cygwin) Comment: Public key at home.comcast.net/~ericblake/eblake.gpg Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGzs+K84KuGfSFAYARAt0TAJ45dzEv80jEvq6apv98vDbjEi7FMwCaArvV Jgxnc7wQHF9MFEJeoR184L0= =FqCW -----END PGP SIGNATURE-----
