Re: Security advisories: lynx
On Oct 17 11:02, Yaakov S (Cygwin Ports) wrote:
> Lynx contains a buffer overflow that may be exploited to execute
> arbitrary code. (CAN-2005-3120)
>
> Solution: lynx-2.8.5 needs to be patched (URL below).
>
> http://security.gentoo.org/glsa/glsa-200510-15.xml
> http://bugs.gentoo.org/show_bug.cgi?id=108451
> http://dev.gentoo.org/~seemant/distfiles/lynx-2.8.5-CAN-2005-3120.patch.bz2

Thanks for the heads up,
Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat, Inc.
Re: Security advisories: clamav
Sorry, I cannot provide an update/nor fix until 25 of October.
I'm on holidays until then.

On 10/17/05, Yaakov S (Cygwin Ports) [EMAIL PROTECTED] wrote:
> Clam AntiVirus is subject to vulnerabilities ranging from Denial of
> Service to execution of arbitrary code when handling compressed
> executables. (CAN-2005-2919, CAN-2005-2920)
>
> Clam AntiVirus is also vulnerable to integer overflows when handling
> several file formats, potentially resulting in the execution of
> arbitrary code. (CAN-2005-2450)
>
> Solution: update to 0.87.
>
> http://www.gentoo.org/security/en/glsa/glsa-200509-13.xml
> http://bugs.gentoo.org/show_bug.cgi?id=106279
> http://www.gentoo.org/security/en/glsa/glsa-200507-25.xml
> http://bugs.gentoo.org/show_bug.cgi?id=100178
> http://sourceforge.net/project/shownotes.php?release_id=356974

-- 
Reini Urban
Re: Multiple pending setup patches
On Tue, 18 Oct 2005 01:35:12 -0400 (EDT), Igor Pechtchanski wrote in [EMAIL PROTECTED]:
: On Tue, 18 Oct 2005, Buzz wrote:
: On Sun, 16 Oct 2005 17:30:34 -0400 (EDT), Igor Pechtchanski wrote:

[Mirror manually added or stale.]

: : You are assuming that the format of the last-mirror file is fixed and
: : won't change. We could keep the fact that the user typed in the mirror
: : URL as opposed to clicking on one of the official ones...
: : Igor

: Would it not be possible to use the cached mirror-list to
: differentiate the two cases? (Only warn if a mirror is used which is
: in cache but not in new list. Keep the old mirror in the cache if
: the user wants to be warned again.)
: (I know, SHTDI.)

: a) the cached mirror-list was only introduced recently,

I suggest using it. Your point?

: b) the cached mirror-list is overwritten every time a successful
: connection is established with sourceware.org,

That could change. (Or the stale mirrors might get appended.)

: c) this kind of information belongs in last-mirror, IMO, and

That is also an option. Adding a ``stale''-flag there, if the user
wants to be warned again, should work. Still, one could use the cached
mirror-list to determine when an official mirror went stale since last
connection.

: d) you said it: SHTDI.

If there's interest, I'm willing to look into the source. (It may take
me a while. The last time I looked at it is way back.)

L8r,
Buzz.

-- 
) | | ---/ ---/ Yes, this | This message consists of true | I do not
-- | | // really is | and false bits entirely.| mail for
) | | //a 72 by 4 +---+ any1 but
-- \--| /--- /--- .sigfile. | |perl -pe s.u(z)\1.as.| me. 4^re
Bad setup.hint for sunrpc?
It looks like sunrpc may have a bad setup.hint somewhere in the system.
In the latest setup.ini (where I noticed this), I see:

    @ sunrpc
    sdesc: A wrapper for stat(2) and statfs(2).
    ldesc: A wrapper for stat(2) and statfs(2).
    category: Utils
    requires: cygwin

... which seems a bit odd. The setup.hint included with the source
package is:

    category: Libs
    requires: cygwin
    sdesc: Sun RPC (ONC/RPC) libraries and utilities.
    ldesc: This distribution contains Sun Microsystem's implementation
    of the RPC and XDR protocols. Also included is complete
    documentation, utilities, RPC service specification files, and
    demonstration services in the format used by the RPC protocol
    compiler (rpcgen).

It's entirely possible I confused the setup.hint I sent at one point
with another on my system - if that's the case, then I apologize for
having to ask if someone would clean up after my mistake.

-Samrobb