X-Recipient: archive-cygwin AT delorie DOT com
X-Spam-Check-By: sourceware.org
Message-ID: <482E2836.49FBC5B1@dessent.net>
Date: Fri, 16 May 2008 17:35:02 -0700
From: Brian Dessent <brian AT dessent DOT net>
X-Mailer: Mozilla 4.79 [en] (Windows NT 5.0; U)
MIME-Version: 1.0
To: unsolicited <unsolicited AT swiz DOT ca>
CC: cygwin AT cygwin DOT com
Subject: Re: SSH / SSL vulnerable?
References: <482DD839 DOT 4060905 AT swiz DOT ca>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-IsSubscribed: yes
Reply-To: cygwin AT cygwin DOT com
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

unsolicited wrote:

> Is cygwin's ssh / ssl vulnerable, as per the recent debian / buntu's
> security alert?

The openssl problem was caused by a Debian local patch that was
installed to quell valgrind warnings.  Valgrind supports only
linux+glibc, so there would be no reason to apply such a patch to a
Cygwin openssl, which is built OOTB from upstream sources with no
changes.

Brian

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/