On 2012-08-15 02:30, Yaakov (Cygwin/X) wrote: > On Tue, 2012-08-14 at 22:05 +0200, Corinna Vinschen wrote: >> Chuck? >> >> Ping 2? >> >> If you don't reply I guess we have to assume you're not with us >> anymore. Which would be too bad. > > Indeed. :-(
Dito. >> On Aug 3 09:58, Corinna Vinschen wrote: >>> On Jul 23 16:48, Yaakov (Cygwin/X) wrote: >>>> Chuck, >>>> >>>> Security vulnerabilities are accumulating for the tiff package >>>> (CVE-2011-0192, CVE-2011-1167, CVE-2012-1173, CVE-2012-2088, >>>> CVE-2012-2113, CVE-2012-3401). This can be fixed by updating to >>>> 3.9.6 and applying the four patches found here: >>>> >>>> http://pkgs.fedoraproject.org/gitweb/?p=libtiff.git;a=tree;h=refs/heads/f17;hb=f17 >>>> >>>> There are also security vulnerabilities in the libpng packages >>>> (CVE-2011-3026, CVE-2011-3048, and now CVE-2012-3386). These need Did you mean CVE-2011-3328? CVE-2012-3386 is for Automake, as you have written below... >>>> to be updated to the latest 1.4.12, 1.2.50, and 1.0.60 releases. > > And now there's YA: automake1.11 needs a bump to 1.11.6 for > CVE-2012-3386; earlier branches are also affected, but I haven't seen > any backporting patches yet. Regarding CVE-2012-3386 and Cygwin, does it really help? AFAIU, Cygwin doesn't handle a malicious local user very well anyway. Or does it? (not saying that I don't want updates or anything, I'm just adding some perspective) Cheers, Peter