Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Message-ID: <005901c238a1$4168c2f0$23638780@uchicago.edu> From: "Kim Scarborough" To: References: <20020730160945 DOT EC06B1B5E2 AT redhat DOT com> <01d501c23805$2cdbcef0$23638780 AT uchicago DOT edu> <20020731114240 DOT E3921 AT cygbert DOT vinschen DOT de> Subject: Re: [ANNOUNCEMENT] Updated: openssl-0.9.6e-1 Date: Wed, 31 Jul 2002 09:47:55 -0500 > > Shouldn't openssh, lynx, wget, etc. be recompiled against the new openssl > > libs? > > According to the security announcement, yes. > > This should only apply to apps which are linked statically against > OpenSSL, though. Well, that would be all of those, I believe. > Other than that, it's the responsibility of the maintainer of these > packages to do that. Are they aware that this needs to be done? This is a fairly serious security hole, especially in the case of openssh. ---------------------------------------------------------------------------- Kim Scarborough Web Systems Administrator University of Chicago/NSIT (773) 834-7740 ---------------------------------------------------------------------------- Now listening to: Charlie 'Bozo' Nickerson - "What's the Matter Now? Part 2" ---------------------------------------------------------------------------- -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/