Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Date: Wed, 31 Jul 2002 16:51:37 +0200 From: Corinna Vinschen To: cygwin AT cygwin DOT com Subject: Re: [ANNOUNCEMENT] Updated: openssl-0.9.6e-1 Message-ID: <20020731165137.A10248@cygbert.vinschen.de> Reply-To: cygwin AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com References: <20020730160945 DOT EC06B1B5E2 AT redhat DOT com> <01d501c23805$2cdbcef0$23638780 AT uchicago DOT edu> <20020731114240 DOT E3921 AT cygbert DOT vinschen DOT de> <005901c238a1$4168c2f0$23638780 AT uchicago DOT edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <005901c238a1$4168c2f0$23638780@uchicago.edu> User-Agent: Mutt/1.3.22.1i On Wed, Jul 31, 2002 at 09:47:55AM -0500, Kim Scarborough wrote: > > > Shouldn't openssh, lynx, wget, etc. be recompiled against the new openssl > > > libs? > > > > According to the security announcement, yes. > > > > This should only apply to apps which are linked statically against > > OpenSSL, though. > > Well, that would be all of those, I believe. > > > Other than that, it's the responsibility of the maintainer of these > > packages to do that. > > Are they aware that this needs to be done? This is a fairly serious security > hole, especially in the case of openssh. I'm the maintainer of openssh... Other than that I *assume* that our maintainers read the announcement of their fellow maintainers. Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Developer mailto:cygwin AT cygwin DOT com Red Hat, Inc. -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/