Re: Linux xz issue

2024-04-01 Thread Keith Thompson via Cygwin
On Sun, Mar 31, 2024 at 9:15 PM Keith Thompson wrote:
>
> Achim Gratz strom...@nexgo.de wrote:
> > Beyond that, the version 5.4.6 that everybody is currently reverting to
> > (and is also still available for Cygwin if you want to go back) was
> > already released when the presumed bad actor was co

Re: Linux xz issue

2024-03-31 Thread Keith Thompson via Cygwin
Achim Gratz strom...@nexgo.de wrote:
> Beyond that, the version 5.4.6 that everybody is currently reverting to
> (and is also still available for Cygwin if you want to go back) was
> already released when the presumed bad actor was co-maintainer and their
> involvement goes back even farther based

Re: Linux xz issue

2024-03-30 Thread Achim Gratz via Cygwin
On 29.03.2024 at 23:43, Ron Murray via Cygwin wrote: There is a serious security issue with xz (and liblzma) versions 5.6.0-1 and 5.6.1-1. I note that Cygwin currently is suggesting an upgrade to 5.6.1-1, which is unsafe. I've looked at the cygwin archives and I don't see a reference to this: s

Linux xz issue

2024-03-29 Thread Ron Murray via Cygwin
There is a serious security issue with xz (and liblzma) versions 5.6.0-1 and 5.6.1-1. I note that Cygwin currently is suggesting an upgrade to 5.6.1-1, which is unsafe. I've looked at the cygwin archives and I don't see a reference to this: sorry if you're already aware of this issue. Reference