This is the mail archive of the
cygwin
mailing list for the Cygwin project.
Re: bug in unshar
- From: Corinna Vinschen <corinna-cygwin at cygwin dot com>
- To: cygwin at cygwin dot com
- Date: Mon, 5 Sep 2005 12:03:30 +0200
- Subject: Re: bug in unshar
- References: <43145A16.7040007@byu.net>
- Reply-to: cygwin at cygwin dot com
On Aug 30 07:07, Eric Blake wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> unshar 4.4 coredumps due to an unitialized variable [1], (not to mention
> it executes arbirary shell code, which can be considered a security
> flaw[2], but that is inherent in the design of shar rather than something
> patchable in code). Since it has been close to a month since cygwin
> sharutils-4.4-1 was released, nobody is using unshar very much :)
>
> Upstream is about to release 4.5.2, but even 4.5.2-pre1 core dumps due to
> the refactoring of unshar to get rid of the uninitialized variable.
> Corinna, since shar and tar are functionally related (both create
> archives), would you like it if I took over maintainership of sharutils,
> to leave you more time with cygwin itself?
Sure, go ahead! Thanks for the offer.
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Project Co-Leader mailto:cygwin@cygwin.com
Red Hat, Inc.
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/