-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 According to Mike Cappella on 8/4/2008 2:33 PM: | With the recent CVE security announcement regarding setup.exe: | | http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3323 | | I'm wondering if perhaps it make sense to include the version number of | setup.exe on the main Cygwin web page? It is currently seems to require | downloading setup.exe and running it to determine the version number.
On the other hand, the above vulnerability can only occur if you click beyond the screen displaying the version number, so there isn't really any harm in running setup.exe to determine whether it is new enough to avoid that particular bug. - -- Don't work too hard, make some time for fun as well! Eric Blake [EMAIL PROTECTED] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (Cygwin) Comment: Public key at home.comcast.net/~ericblake/eblake.gpg Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkiXrMkACgkQ84KuGfSFAYDLtACgl3Uu1DOlwdtdRxrvmcngELT3 IBEAn1F2RLKNyZzVs5hZ+WCd9vuxOkDK =JTzx -----END PGP SIGNATURE----- -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
