X-Recipient:	archive-cygwin AT delorie DOT com
X-Original-To:	cygwin AT cygwin DOT com
Delivered-To:	cygwin AT cygwin DOT com
DMARC-Filter:	OpenDMARC Filter v1.3.2 sourceware.org 30CC53865C2D
Authentication-Results:	sourceware.org;
	dmarc=none (p=none dis=none) header.from=dinwoodie.org
Authentication-Results:	sourceware.org;
	spf=pass smtp.mailfrom=adam AT dinwoodie DOT org
DKIM-Signature:	v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=dinwoodie.org; s=google;
	h=mime-version:references:in-reply-to:from:date:message-id:subject:to
	:content-transfer-encoding;
	bh=xol6r48YPtRE2hmLFdAunCXbYJyU5DoXFSDu506vnPE=;
	b=P2JKyJUPQ0VAzp8CSR2yKjFpLvHpGWxdAmLTqmVAHCUqyKKmQeqXd7Hgp1mtEK+Uuq
	U1iMLLg8XBs3eAY2ygF+SwwwvkKDBATc5X3OS7I7WFSwFKg+KBwdP55D2laGhqeuqTcJ
	KiQNVeeNMhs0z5uhRdVMFTHRiBY6eI83qHens=
X-Google-DKIM-Signature:	v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:mime-version:references:in-reply-to:from:date
	:message-id:subject:to:content-transfer-encoding;
	bh=xol6r48YPtRE2hmLFdAunCXbYJyU5DoXFSDu506vnPE=;
	b=tR+OsuPukmhO7eGeOSvpWn4KCl2CIs1dT7YBrUHBC3echyXa4gKyF94t8Wn6O4TxjZ
	75F/OKoTP2p6HkcDAdYzW+rg1dzoix2Fajpe9A20PzWiQTwTy4tes3xj5r/jzfvbj29S
	Bj4dyQnoTPDmap9ZmLqRfD/wZK9vBmVmNFmPrq3tsvzMRIGSvWRYp0Q2dSTaqLe/nnm/
	LSRZTaDiizmDBSA2ThV/eKQuPlk0D7R7U40mILDha8gpTn9P+Yis0ROV8+fS0j/sc0Bk
	Dmm6RhTtrz/DHy5/Z53RyJGW9Yu3KFqt3IUH10dWGhN5TJD/OASSkJ5vZPLG7H2VI/vJ
	pcqA==
X-Gm-Message-State:	AOAM531ikoQezm30NxbjSl6kRbHZsvh1yu67+0D3jxCAQU5rvgcS4IJc
	ToZxKZMFApaXu7qy/PKfRCfaVPTE97JUoKNtnyTVp65lBSw=
X-Google-Smtp-Source:	ABdhPJyiVCGHDtth3cfzzMbp8pDB+kFI/jSbKUvhDAKx1jazF0F/3DKVodTjse0isfjgfvDolXRsidO1djFhCq7iEOk=
X-Received:	by 2002:a37:6ca:: with SMTP id 193mr1925835qkg.436.1614248332685;
	Thu, 25 Feb 2021 02:18:52 -0800 (PST)
MIME-Version:	1.0
References:	<CAPeYm4iBym4M=ioB+o4DXnu+iF2dvyKZXB3NpipEbMDJ6Ke-VA AT mail DOT gmail DOT com>
In-Reply-To:	<CAPeYm4iBym4M=ioB+o4DXnu+iF2dvyKZXB3NpipEbMDJ6Ke-VA@mail.gmail.com>
From:	Adam Dinwoodie <adam AT dinwoodie DOT org>
Date:	Thu, 25 Feb 2021 10:18:16 +0000
Message-ID:	<CA+kUOa==j2r4DA+v+u9Se0N6_3YWgS788Ovs3VbsnUJwLjjCcA@mail.gmail.com>
Subject:	Re: Reporting security vulnerability
To:	"Cygwin (cygwin AT cygwin DOT com)" <cygwin AT cygwin DOT com>
X-Spam-Status:	No, score=-2.4 required=5.0 tests=BAYES_00, DKIM_SIGNED,
	DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,
	SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.2
X-Spam-Checker-Version:	SpamAssassin 3.4.2 (2018-09-13) on
	server2.sourceware.org
X-BeenThere:	cygwin AT cygwin DOT com
X-Mailman-Version:	2.1.29
List-Id:	General Cygwin discussions and problem reports <cygwin.cygwin.com>
List-Archive:	<https://cygwin.com/pipermail/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-request AT cygwin DOT com?subject=help>
List-Subscribe:	<https://cygwin.com/mailman/listinfo/cygwin>,
	<mailto:cygwin-request AT cygwin DOT com?subject=subscribe>
Sender:	"Cygwin" <cygwin-bounces AT cygwin DOT com>
X-MIME-Autoconverted:	from base64 to 8bit by delorie.com id 11PAIvKk032317

On Thu, 25 Feb 2021 at 10:12, Evyatar Gerzi via Cygwin wrote:
> Hello,
>
> I saw that you have a mailing list for bug reporting but the bug that I
> found is a security vulnerability, to whom I need to report it?
> I don't know if it is good that it will be "read by many people", but it's
> your call.

Hi Evyatar,

Can you narrow down where the security vulnerability is? Different
parts of Cygwin have different maintainers – each package has its own
maintainer, as well as separate ownership of the core Cygwin DLL and
things like the Cygwin website – and I expect different maintainers
might prefer different approaches.


Adam
--
Problem reports:      https://cygwin.com/problems.html
FAQ:                  https://cygwin.com/faq/
Documentation:        https://cygwin.com/docs.html
Unsubscribe info:     https://cygwin.com/ml/#unsubscribe-simple

- Raw text -