[pigz-announce] pigz version 2.2.5 released
madler at alumni.caltech.edu
Sat Jul 28 13:56:02 MST 2012
pigz version 2.2.5 has been released and is now available at http://zlib.net/pigz/ . The main changes since 2.2.4 are:
- Change suffix to .tar when decompressing or listing .tgz.
- Print name of executable in error messages.
- Show help properly when the name is unpigz or gunzip.
- Fix permissions security problem before output is closed.
The security hole in 2.2.4 was due to the output file temporarily having more liberal access permissions (group and other read) that possibly the input file (e.g. only user read). Once the write was complete however, the output file was set to the correct permissions. With 2.2.5, the output file is readable only by the user while being written. You should upgrade immediately to 2.2.5 to avoid the potential security issue.
More information about the pigz-announce