| delorie.com/archives/browse.cgi | search |
| X-Recipient: | archive-cygwin AT delorie DOT com |
| X-Original-To: | cygwin AT cygwin DOT com |
| Delivered-To: | cygwin AT cygwin DOT com |
| DMARC-Filter: | OpenDMARC Filter v1.4.1 sourceware.org 5FE603858418 |
| Authentication-Results: | sourceware.org; |
| dmarc=none (p=none dis=none) header.from=cs.umass.edu | |
| Authentication-Results: | sourceware.org; spf=pass smtp.mailfrom=cs.umass.edu |
| Subject: | Re: Inquiry on Apache Log4j's Effect on Cygwin Software |
| To: | "cygwin AT cygwin DOT com" <cygwin AT cygwin DOT com> |
| References: | <MW5PR16MB4715B5B954FCFE75D451F6E7D77E9 AT MW5PR16MB4715 DOT namprd16 DOT prod DOT outlook DOT com> |
| <CANV9t=Ra1_dHnGA1z=ae68p2k8nBGCcz6nCq724ii+eN_QmdEw AT mail DOT gmail DOT com> | |
| From: | Eliot Moss <moss AT cs DOT umass DOT edu> |
| Message-ID: | <c0fb2faa-ac8a-80e0-c51b-154a1f498d4d@cs.umass.edu> |
| Date: | Thu, 23 Dec 2021 10:47:37 -0500 |
| User-Agent: | Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 |
| Thunderbird/68.12.1 | |
| MIME-Version: | 1.0 |
| In-Reply-To: | <CANV9t=Ra1_dHnGA1z=ae68p2k8nBGCcz6nCq724ii+eN_QmdEw@mail.gmail.com> |
| X-Spam-Status: | No, score=-3.4 required=5.0 tests=BAYES_00, KAM_DMARC_STATUS, |
| NICE_REPLY_A, SPF_HELO_NONE, SPF_PASS, | |
| TXREP autolearn=ham autolearn_force=no version=3.4.4 | |
| X-Spam-Checker-Version: | SpamAssassin 3.4.4 (2020-01-24) on |
| server2.sourceware.org | |
| X-BeenThere: | cygwin AT cygwin DOT com |
| X-Mailman-Version: | 2.1.29 |
| List-Id: | General Cygwin discussions and problem reports <cygwin.cygwin.com> |
| List-Unsubscribe: | <https://cygwin.com/mailman/options/cygwin>, |
| <mailto:cygwin-request AT cygwin DOT com?subject=unsubscribe> | |
| List-Archive: | <https://cygwin.com/pipermail/cygwin/> |
| List-Post: | <mailto:cygwin AT cygwin DOT com> |
| List-Help: | <mailto:cygwin-request AT cygwin DOT com?subject=help> |
| List-Subscribe: | <https://cygwin.com/mailman/listinfo/cygwin>, |
| <mailto:cygwin-request AT cygwin DOT com?subject=subscribe> | |
| Reply-To: | moss AT cs DOT umass DOT edu |
| Errors-To: | cygwin-bounces+archive-cygwin=delorie DOT com AT cygwin DOT com |
| Sender: | "Cygwin" <cygwin-bounces+archive-cygwin=delorie DOT com AT cygwin DOT com> |
On 12/23/2021 10:43 AM, Bill Stewart wrote: > On Thu, Dec 23, 2021 at 8:19 AM Iyana Garry wrote: > > Is there any confirmation that Cygwin software is not impacted by the >> Apache Log4J vulnerabilities (CVE-2021-44228, CVE-2021-45046 and >> CVE-2021-45105)? >> > > I'm not sure why there would need to be any such confirmation. Log4J is a > Java application logging framework. To clarify further, Java on the Windows platform is Windows native. While it is possible to invoke Java from Cygwin bash, it is the native Java one would invoke. I am not aware of any Cygwin programs that require and invoke Java. Best wishes - Eliot Moss -- Problem reports: https://cygwin.com/problems.html FAQ: https://cygwin.com/faq/ Documentation: https://cygwin.com/docs.html Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple
| webmaster | delorie software privacy |
| Copyright © 2019 by DJ Delorie | Updated Jul 2019 |