Neon has been updated to new upstream version 0.24.6. This is a security bugfix release. There are no security consequences to Cygwin users, however, because no packages using neon have yet been added to the Cygwin net distribution.
Upstream announcement: Changes in release 0.24.6: * SECURITY (CVE CAN-2004-0398): Fix sscanf overflow in ne_rfc1036_parse, thanks to Stefan Esser. * Link libneon against libexpat during Subversion build using bundled neon. * Win32 build script update (Jon Foster). Max. -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
