Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Message-ID: <005901c238a1$4168c2f0$23638780@uchicago.edu>
From: "Kim Scarborough" <lists AT jinx DOT unknown DOT nu>
To: <cygwin AT cygwin DOT com>
References: <20020730160945 DOT EC06B1B5E2 AT redhat DOT com> <01d501c23805$2cdbcef0$23638780 AT uchicago DOT edu> <20020731114240 DOT E3921 AT cygbert DOT vinschen DOT de>
Subject: Re: [ANNOUNCEMENT] Updated: openssl-0.9.6e-1
Date: Wed, 31 Jul 2002 09:47:55 -0500

> > Shouldn't openssh, lynx, wget, etc. be recompiled against the new openssl
> > libs?
>
> According to the security announcement, yes.
>
> This should only apply to apps which are linked statically against
> OpenSSL, though.

Well, that would be all of those, I believe.

> Other than that, it's the responsibility of the maintainer of these
> packages to do that.

Are they aware that this needs to be done? This is a fairly serious security
hole, especially in the case of openssh.

----------------------------------------------------------------------------
Kim Scarborough                                  Web Systems Administrator
University of Chicago/NSIT                       (773) 834-7740
----------------------------------------------------------------------------
Now listening to: Charlie 'Bozo' Nickerson - "What's the Matter Now? Part 2"
----------------------------------------------------------------------------




--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/