Fix CVE-2019-12900 #5
base: master
hasufell commented Mar 8, 2024
- [Security] Shipped source code is vulnerable to CVE-2019-12900 #4
- bzlib is vulnerable to CVE-2019-12900 haskell/security-advisories#155
This unfortunately requires Windows users to set I'm contemplating what to do about it.
Well, given that bzip2 is available via msys2 and system libs are to be preferred, I think the current circumstances make sense: https://packages.msys2.org/package/mingw-w64-x86_64-bzip2
My idea is actually to provide one single project independent bzip2-clib library: https://github.com/hasufell/bzip2-clib Unfortunately, we're stuck thanks to Haskell tooling again: haskell/hackage-server#1294 Unless we want to lie about the actual license.
"we don't have pkg-config stanza, which cabal could use to change automatic flags" ?
Right, and that PR was merged, so if that's the feature you're referring to, it exists.
Ah. bzip2 has no