Mail Archives: cygwin/2021/02/25/08:00:29

Evyatar Gerzi via Cygwin <cygwin AT cygwin DOT com> · Thu, 25 Feb 2021 14:57:15 +0200

My apologies again, I am not sure to whom I should address the
vulnerability.
Because Thomas fixed it in MinTTY but I don't know who is responsible to
implement it inside Cygwin.

I appreciate your help, thanks,

Eviatar Gerzi

On Thu, Feb 25, 2021 at 1:10 PM Evyatar Gerzi <evyatar575 AT gmail DOT com> wrote:

> Sorry, I just noticed that Thomas is one of the authors and he is already
> familiar with this issue and fixed it.
> I will send him separate mail and ask him if there is also a fix for
> Cygwin.
>
> Thanks,
>
> Eviatar
>
> On Thu, Feb 25, 2021 at 12:08 PM Evyatar Gerzi <evyatar575 AT gmail DOT com>
> wrote:
>
>> Hello,
>>
>> I saw that you have a mailing list for bug reporting but the bug that I
>> found is a security vulnerability, to whom I need to report it?
>> I don't know if it is good that it will be "read by many people", but
>> it's your call.
>>
>> Thanks,
>>
>> Eviatar Gerzi
>>
>>
--
Problem reports:      https://cygwin.com/problems.html
FAQ:                  https://cygwin.com/faq/
Documentation:        https://cygwin.com/docs.html
Unsubscribe info:     https://cygwin.com/ml/#unsubscribe-simple

X-Recipient:	archive-cygwin AT delorie DOT com
DKIM-Filter:	OpenDKIM Filter v2.11.0 sourceware.org 6E93E389040D
DKIM-Signature:	v=1; a=rsa-sha256; c=relaxed/relaxed; d=cygwin.com;
	s=default; t=1614258025;
	bh=qzA1l3dCRTOdfRRlbv+X50et8uGlcGltIDYiFl+72mU=;
	h=References:In-Reply-To:Date:Subject:To:List-Id:List-Unsubscribe:
	List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:
	From;
	b=Fc3NF+ZnmW9SeMCHLCQqh3QVzXWAe7YzFivZxFTi4N18FD6UiRkoVnIQSjavIgGwj
	2iexh7e1/B+04Hi7/EpO26kynnucBLd/bpm7SqsvGLerJQErr/S4aiiSpubQjf6IH0
	Zzl0IO56GYRk3nMxiA+/qkrVt6J/28RfQgP8rXRw=
X-Original-To:	cygwin AT cygwin DOT com
Delivered-To:	cygwin AT cygwin DOT com
DMARC-Filter:	OpenDMARC Filter v1.3.2 sourceware.org 63BFC3836C5B
X-Google-DKIM-Signature:	v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:mime-version:references:in-reply-to:from:date
	:message-id:subject:to;
	bh=n3OLm1HGFCEl8BUgVR+hFNJKmwPSGJP7a6BetINf++k=;
	b=h+e37QbFop2wzcOGm0ALAi3nwqmdxkxap2S4D6RWfOfS7WMkjB0FuWPOP4Ekx+WgF1
	oj7tCevDuWnGmWh+d3LMLxCxjuPpJnnkFa6qqQFcRDemvmC/iaI7OOpXDJGtHDHp1xb7
	7fcnZtYRHgwPx3qXrwY3ddQNb3XdfDfisoSZsxkFOgG5YhzCl0NuPPrIxOxbMLUpjkjc
	TR0JODNT9yNR8m8H032aQUGTDolM0MFxPV7eiWO0AxvgHnUUbDdsRxkMSIEd5ugSCAcX
	qB+0Osy8RZNpTVcyKSQCOrS1YC5+jw6/Hh1lXgjAKGk9zpRUhaJjdnqBQYK7Pj0tANkD
	4PqQ==
X-Gm-Message-State:	AOAM533SHUewT+Lfe/wcdI2da7ILf+A2QFDqRQqRQMZU65Xl97Gsywhi
	/+VF0TucYp5ijzchIm0gvAq4Ds/g9QzEbwJs1gddhTd3N0MDgQ==
X-Google-Smtp-Source:	ABdhPJxsgCx2w8xBVAgj2jJ/dFi3J61pl+XvB0XeFa5Tz4LyeX0pxfUyO2fHWEANNJzYx9C/Iy5GZZSW6ZCnpwjjSVs=
X-Received:	by 2002:a17:906:ca58:: with SMTP id
	jx24mr2561069ejb.482.1614258019382;
	Thu, 25 Feb 2021 05:00:19 -0800 (PST)
MIME-Version:	1.0
References:	<CAPeYm4iBym4M=ioB+o4DXnu+iF2dvyKZXB3NpipEbMDJ6Ke-VA AT mail DOT gmail DOT com>
	<CAPeYm4iToeoDKPOyGuJ0gQVYes9xGh2cua3K2oEw=vC4hNGKrw AT mail DOT gmail DOT com>
In-Reply-To:	<CAPeYm4iToeoDKPOyGuJ0gQVYes9xGh2cua3K2oEw=vC4hNGKrw@mail.gmail.com>
Date:	Thu, 25 Feb 2021 14:57:15 +0200
Message-ID:	<CAPeYm4iKPZCgZyF_C49FfpLq36UAhRCmMOS8xWodRgOOicdWPQ@mail.gmail.com>
Subject:	Re: Reporting security vulnerability
To:	cygwin AT cygwin DOT com
X-Spam-Status:	No, score=-2.1 required=5.0 tests=BAYES_00, DKIM_SIGNED,
	DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, FREEMAIL_ENVFROM_END_DIGIT,
	FREEMAIL_FROM, HTML_MESSAGE, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS,
	TXREP autolearn=ham autolearn_force=no version=3.4.2
X-Spam-Checker-Version:	SpamAssassin 3.4.2 (2018-09-13) on
	server2.sourceware.org
X-Content-Filtered-By:	Mailman/MimeDel 2.1.29
X-BeenThere:	cygwin AT cygwin DOT com
X-Mailman-Version:	2.1.29
List-Id:	General Cygwin discussions and problem reports <cygwin.cygwin.com>
List-Archive:	<https://cygwin.com/pipermail/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-request AT cygwin DOT com?subject=help>
List-Subscribe:	<https://cygwin.com/mailman/listinfo/cygwin>,
	<mailto:cygwin-request AT cygwin DOT com?subject=subscribe>
From:	Evyatar Gerzi via Cygwin <cygwin AT cygwin DOT com>
Reply-To:	Evyatar Gerzi <evyatar575 AT gmail DOT com>
Sender:	"Cygwin" <cygwin-bounces AT cygwin DOT com>

webmaster	delorie software privacy
Copyright © 2019 by DJ Delorie	Updated Jul 2019