X-Recipient: archive-cygwin@delorie.com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:to:from:subject:message-id:date:mime-version
	:content-type:content-transfer-encoding; q=dns; s=default; b=kgV
	XlU629GOo8HAdF94kUkesfMK0ttlNty7Lhj0HOhlqoaIse++p+2j3bs8KPr3eTh2
	e2l1bQkWMXWuXvAply++LOCmstHW3SwD81ZLPpYjI3Vu3FOAPctL40ZJMdhQVyB/
	FuCkZE7IjI6NSDtMdluuW4eb6NTpbWcTk2o8JFQU=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:to:from:subject:message-id:date:mime-version
	:content-type:content-transfer-encoding; s=default; bh=jcReCig+9
	TKPzg6XU2ZioSbv8vA=; b=vXm1w0GxLW7Bg459WXY3SIcyOhSUlmJl4XYMmfzja
	+/7U0Hg7/QHG0xStsNfuA1zSRYIBwgpQ48ZIWYpBziT2kBg05uWEEFBBP66jwbUV
	t6d1FhuaXWRcIsbfCdlTapmiY1+TUbBwlz5SXrlEvmMrMnbHXnBthAIbkGXDGzKY
	88=
Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe@cygwin.com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin@cygwin.com>
List-Help: <mailto:cygwin-help@cygwin.com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
Delivered-To: mailing list cygwin@cygwin.com
Authentication-Results: sourceware.org; auth=none
X-Spam-SWARE-Status: No, score=-1.2 required=5.0 tests=AWL,BAYES_00,RCVD_IN_DNSWL_NONE,SPF_HELO_PASS autolearn=ham version=3.3.1 spammy=HX-Languages-Length:319, dated
X-HELO: mout.perfora.net
To: cygwin@cygwin.com
From: Bruce Halco <bruce@halcomp.com>
Subject: openSSH Vulnerability
Message-ID: <cdd0f8a3-8e3c-5b9c-7633-40af3424f780@halcomp.com>
Date: Wed, 20 Mar 2019 09:13:21 -0400
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.5.1
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit

openSSH 7.9 is subject to vulnerability CVE-2019-6111. This has been 
fixed in at least some distributions, Debian at least.

As the cygwin openSSH files are all dated October, 2018, it seems clear 
that the fix has not yet been applied to cygwin.

Are there plans to address this?

Thanks.

Bruce




--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple