Mail Archives: cygwin/2019/03/20/10:19:08

X-Recipient: archive-cygwin AT delorie DOT com
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Spam-SWARE-Status: No, score=-101.8 required=5.0 tests=AWL,BAYES_00,GOOD_FROM_CORINNA_CYGWIN,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 spammy=Halco, halco, HX-Languages-Length:801, our
X-HELO: mout.kundenserver.de
Date: Wed, 20 Mar 2019 15:18:50 +0100
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: Bruce Halco <bruce AT halcomp DOT com>
Cc: cygwin AT cygwin DOT com
Subject: Re: openSSH Vulnerability
Message-ID: <20190320141850.GT3908@calimero.vinschen.de>
Reply-To: cygwin AT cygwin DOT com
Mail-Followup-To: Bruce Halco <bruce AT halcomp DOT com>, cygwin AT cygwin DOT com
References: <cdd0f8a3-8e3c-5b9c-7633-40af3424f780 AT halcomp DOT com>
MIME-Version: 1.0
In-Reply-To: <cdd0f8a3-8e3c-5b9c-7633-40af3424f780@halcomp.com>
User-Agent: Mutt/1.11.3 (2019-02-01)

On Mar 20 09:13, Bruce Halco wrote:
> openSSH 7.9 is subject to vulnerability CVE-2019-6111. This has been fixed
> in at least some distributions, Debian at least.

Fedora (which is our role model) doesn't and the vulnerability is not
deemed that critical by the upstream maintainers:

https://lists.mindrot.org/pipermail/openssh-unix-dev/2019-January/037475.html

Fedora's 7.9p1 has an additional patch for CVE-2018-20685 only.

I was planning to wait for OpenSSH 8.0.  It was originally slated
for end of January or at least February, but there's no hint from the
upstream maintainers yet in terms of the (obviously changed) release
planning for 8.0.

I can push a 7.9 with the Fedora patch for CVE-2018-20685 if that
helps.


Corinna

-- 
Corinna Vinschen
Cygwin Maintainer
