Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Delivered-To: fixup-cygwin AT cygwin DOT com@fixme
From: "Paul G." <pgarceau AT qwest DOT net>
Organization: Paul G.
To: cygwin AT cygwin DOT com
Date: Thu, 13 Dec 2001 19:46:35 -0800
MIME-Version: 1.0
Subject: Exploitation of vulnerability in SSH1 CRC-32 compensation
Reply-to: pgarceau AT qwest DOT net
Message-ID: <3C19059B.21306.1306EC2@localhost>
X-mailer: Pegasus Mail for Windows (v4.01)
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Content-description: Mail message body

Hi folks, 

	Not sure if this even applies for Cygwin, but thought I'd ask: 

	SSH CRC32 attack detection code contains remote integer overflow 

	Description:  http://www.kb.cert.org/vuls/id/945216 

	Is the version of OpenSSH that is currently in use for Cygwin vulnerable? 

	Paul G.

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/