X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:to:from:subject:message-id:date:mime-version
	:content-type:content-transfer-encoding; q=dns; s=default; b=kgV
	XlU629GOo8HAdF94kUkesfMK0ttlNty7Lhj0HOhlqoaIse++p+2j3bs8KPr3eTh2
	e2l1bQkWMXWuXvAply++LOCmstHW3SwD81ZLPpYjI3Vu3FOAPctL40ZJMdhQVyB/
	FuCkZE7IjI6NSDtMdluuW4eb6NTpbWcTk2o8JFQU=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:to:from:subject:message-id:date:mime-version
	:content-type:content-transfer-encoding; s=default; bh=jcReCig+9
	TKPzg6XU2ZioSbv8vA=; b=vXm1w0GxLW7Bg459WXY3SIcyOhSUlmJl4XYMmfzja
	+/7U0Hg7/QHG0xStsNfuA1zSRYIBwgpQ48ZIWYpBziT2kBg05uWEEFBBP66jwbUV
	t6d1FhuaXWRcIsbfCdlTapmiY1+TUbBwlz5SXrlEvmMrMnbHXnBthAIbkGXDGzKY
	88=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Spam-SWARE-Status: No, score=-1.2 required=5.0 tests=AWL,BAYES_00,RCVD_IN_DNSWL_NONE,SPF_HELO_PASS autolearn=ham version=3.3.1 spammy=HX-Languages-Length:319, dated
X-HELO: mout.perfora.net
To: cygwin AT cygwin DOT com
From: Bruce Halco <bruce AT halcomp DOT com>
Subject: openSSH Vulnerability
Message-ID: <cdd0f8a3-8e3c-5b9c-7633-40af3424f780@halcomp.com>
Date: Wed, 20 Mar 2019 09:13:21 -0400
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.5.1
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit

openSSH 7.9 is subject to vulnerability CVE-2019-6111. This has been 
fixed in at least some distributions, Debian at least.

As the cygwin openSSH files are all dated October, 2018, it seems clear 
that the fix has not yet been applied to cygwin.

Are there plans to address this?

Thanks.

Bruce




--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple