X-Recipient: archive-cygwin AT delorie DOT com DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:reply-to:date:from:to:subject:message-id :mime-version:content-type; q=dns; s=default; b=NSOI/MZwG3HgReO/ oKdmFPJVD3jFEZoowUg60WEJ35NzfuzvmfLRzQS6OFcNv8Vr7pOW7Qz8XP2+AprY qFbHFgdbGjRnZ8eTYDe43kqQ5bOlylyDyUQQCQYmHgo/zsYtb6cNbspXJBvK65hS E8SaQbuOade13Nr+DBtQYS0SDfE= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:reply-to:date:from:to:subject:message-id :mime-version:content-type; s=default; bh=Pvn6wF70Ew3ll2cptopGOr Cpn3s=; b=TGH4MNNE3E6LAVSqAmEnhfaye25a4T9c/M9YT07GQuqLDtO51bAek9 r2i5RFwzJoFp7cv4kkzpu77ZNmTbMYgXn0wK5gztcvhgitHSqDj1B0e2c9xMo4ps 2uOYgYtoGA8J/strJMB3hVtMn460CUbbscT7Go6iEGMYxFVtTmk2Y= Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-HELO: localhost.localdomain Reply-To: cygwin AT cygwin DOT com Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-93.1 required=5.0 tests=BAYES_50,KAM_ASCII_DIVIDERS,KAM_LAZY_DOMAIN_SECURITY,RCVD_IN_PBL,RDNS_DYNAMIC,USER_IN_WHITELIST autolearn=no version=3.3.2 spammy=1.3, rice, kevin, Kevin Date: Fri, 11 Mar 2016 18:44:57 +0100 From: Corinna Vinschen To: cygwin AT cygwin DOT com Subject: [ANNOUNCEMENT] Updated: OpenSSH-7.2p2-1 Message-Id: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline User-Agent: Mutt/1.5.24 (2015-08-30) I've just updated the Cygwin version of OpenSSH to 7.2p2-1. This is a security upstream release. Below's the original release message. ========================================================================= Portable OpenSSH 7.2p2 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol 2.0 implementation and includes sftp client and server support. OpenSSH also includes transitional support for the legacy SSH 1.3 and 1.5 protocols that may be enabled at compile-time. Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed code or patches, reported bugs, tested snapshots or donated to the project. More information on donations may be found at: http://www.openssh.com/donations.html Changes since OpenSSH 7.2p1 =========================== This release fixes a security bug: * sshd(8): sanitise X11 authentication credentials to avoid xauth command injection when X11Forwarding is enabled. Full details of the vulnerability are available at: http://www.openssh.com/txt/x11fwd.adv Checksums: ========== - SHA1 (openssh-7.2p2.tar.gz) = 70e35d7d6386fe08abbd823b3a12a3ca44ac6d38 - SHA256 (openssh-7.2p2.tar.gz) = pyeB0aBDh2oiT/GwAy2qQJTYdWWmhSh1nBwsq1SCVIw= Please note that the SHA256 signatures are base64 encoded and not hexadecimal (which is the default for most checksum tools). The PGP key used to sign the releases is available as RELEASE_KEY.asc from the mirror sites. Reporting Bugs: =============== - Please read http://www.openssh.com/report.html Security bugs should be reported directly to openssh AT openssh DOT com OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de Raadt, Kevin Steves, Damien Miller, Darren Tucker, Jason McIntyre, Tim Rice and Ben Lindstrom. ========================================================================= Have fun, Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Project Co-Leader cygwin AT cygwin DOT com Red Hat -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple