Mail Archives: cygwin/2021/02/25/08:15:52

X-Recipient: archive-cygwin AT delorie DOT com
X-Original-To: cygwin AT cygwin DOT com
Delivered-To: cygwin AT cygwin DOT com
DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org 3B8DA3861026
Authentication-Results: sourceware.org;
dmarc=none (p=none dis=none) header.from=towo.net
Authentication-Results: sourceware.org; spf=none smtp.mailfrom=towo AT towo DOT net
Subject: Re: Reporting security vulnerability
To: cygwin AT cygwin DOT com
References: <CAPeYm4iBym4M=ioB+o4DXnu+iF2dvyKZXB3NpipEbMDJ6Ke-VA AT mail DOT gmail DOT com>
<CAPeYm4iToeoDKPOyGuJ0gQVYes9xGh2cua3K2oEw=vC4hNGKrw AT mail DOT gmail DOT com>
<CAPeYm4iKPZCgZyF_C49FfpLq36UAhRCmMOS8xWodRgOOicdWPQ AT mail DOT gmail DOT com>
From: Thomas Wolff <towo AT towo DOT net>
Message-ID: <387526a8-dd8a-f8bd-f174-ddd9e96ec190@towo.net>
Date: Thu, 25 Feb 2021 14:15:39 +0100
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101
Thunderbird/78.7.1
MIME-Version: 1.0
In-Reply-To: <CAPeYm4iKPZCgZyF_C49FfpLq36UAhRCmMOS8xWodRgOOicdWPQ@mail.gmail.com>
X-Spam-Status: No, score=-1.7 required=5.0 tests=BAYES_00, KAM_DMARC_STATUS,
KAM_LAZY_DOMAIN_SECURITY, NICE_REPLY_A, RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2,
SPF_HELO_NONE, SPF_NONE, TXREP autolearn=no autolearn_force=no version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on
server2.sourceware.org
X-BeenThere: cygwin AT cygwin DOT com
X-Mailman-Version: 2.1.29
List-Id: General Cygwin discussions and problem reports <cygwin.cygwin.com>
List-Unsubscribe: <https://cygwin.com/mailman/options/cygwin>,
<mailto:cygwin-request AT cygwin DOT com?subject=unsubscribe>
List-Archive: <https://cygwin.com/pipermail/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-request AT cygwin DOT com?subject=help>
List-Subscribe: <https://cygwin.com/mailman/listinfo/cygwin>,
<mailto:cygwin-request AT cygwin DOT com?subject=subscribe>
Errors-To: cygwin-bounces AT cygwin DOT com
Sender: "Cygwin" <cygwin-bounces AT cygwin DOT com>

On 25.02.2021 at 13:57, Evyatar Gerzi via Cygwin wrote:
> My apologies again, I am not sure to whom I should address the
> vulnerability.
> Because Thomas fixed it in MinTTY but I don't know who is responsible to
> implement it inside Cygwin.
The fix is included in 3.4.6, released as a Cygwin package.
Just not to worry too much, it was a denial-of-service style thing, not 
an intrusion vulnerability.
Thomas

> I appreciate your help, thanks,
>
> Eviatar Gerzi
>
> On Thu, Feb 25, 2021 at 1:10 PM Evyatar Gerzi <evyatar575 AT gmail DOT com> wrote:
>
>> Sorry, I just noticed that Thomas is one of the authors and he is already
>> familiar with this issue and fixed it.
>> I will send him separate mail and ask him if there is also a fix for
>> Cygwin.
>>
>> Thanks,
>>
>> Eviatar
>>
>> On Thu, Feb 25, 2021 at 12:08 PM Evyatar Gerzi <evyatar575 AT gmail DOT com>
>> wrote:
>>
>>> Hello,
>>>
>>> I saw that you have a mailing list for bug reporting but the bug that I
>>> found is a security vulnerability; to whom do I need to report it?
>>> I don't know if it is good that it will be "read by many people", but
>>> it's your call.
>>>
>>> Thanks,
>>>
>>> Eviatar Gerzi
>>>
>>>
> --
> Problem reports:      https://cygwin.com/problems.html
> FAQ:                  https://cygwin.com/faq/
> Documentation:        https://cygwin.com/docs.html
> Unsubscribe info:     https://cygwin.com/ml/#unsubscribe-simple
