X-Recipient: archive-cygwin AT delorie DOT com DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 6E93E389040D DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cygwin.com; s=default; t=1614258025; bh=qzA1l3dCRTOdfRRlbv+X50et8uGlcGltIDYiFl+72mU=; h=References:In-Reply-To:Date:Subject:To:List-Id:List-Unsubscribe: List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To: From; b=Fc3NF+ZnmW9SeMCHLCQqh3QVzXWAe7YzFivZxFTi4N18FD6UiRkoVnIQSjavIgGwj 2iexh7e1/B+04Hi7/EpO26kynnucBLd/bpm7SqsvGLerJQErr/S4aiiSpubQjf6IH0 Zzl0IO56GYRk3nMxiA+/qkrVt6J/28RfQgP8rXRw= X-Original-To: cygwin AT cygwin DOT com Delivered-To: cygwin AT cygwin DOT com DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org 63BFC3836C5B X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=n3OLm1HGFCEl8BUgVR+hFNJKmwPSGJP7a6BetINf++k=; b=h+e37QbFop2wzcOGm0ALAi3nwqmdxkxap2S4D6RWfOfS7WMkjB0FuWPOP4Ekx+WgF1 oj7tCevDuWnGmWh+d3LMLxCxjuPpJnnkFa6qqQFcRDemvmC/iaI7OOpXDJGtHDHp1xb7 7fcnZtYRHgwPx3qXrwY3ddQNb3XdfDfisoSZsxkFOgG5YhzCl0NuPPrIxOxbMLUpjkjc TR0JODNT9yNR8m8H032aQUGTDolM0MFxPV7eiWO0AxvgHnUUbDdsRxkMSIEd5ugSCAcX qB+0Osy8RZNpTVcyKSQCOrS1YC5+jw6/Hh1lXgjAKGk9zpRUhaJjdnqBQYK7Pj0tANkD 4PqQ== X-Gm-Message-State: AOAM533SHUewT+Lfe/wcdI2da7ILf+A2QFDqRQqRQMZU65Xl97Gsywhi /+VF0TucYp5ijzchIm0gvAq4Ds/g9QzEbwJs1gddhTd3N0MDgQ== X-Google-Smtp-Source: ABdhPJxsgCx2w8xBVAgj2jJ/dFi3J61pl+XvB0XeFa5Tz4LyeX0pxfUyO2fHWEANNJzYx9C/Iy5GZZSW6ZCnpwjjSVs= X-Received: by 2002:a17:906:ca58:: with SMTP id jx24mr2561069ejb.482.1614258019382; Thu, 25 Feb 2021 05:00:19 -0800 (PST) MIME-Version: 1.0 References: In-Reply-To: Date: Thu, 25 Feb 2021 14:57:15 +0200 Message-ID: Subject: Re: Reporting security vulnerability To: cygwin AT cygwin DOT com X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, FREEMAIL_ENVFROM_END_DIGIT, FREEMAIL_FROM, HTML_MESSAGE, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on server2.sourceware.org X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: cygwin AT cygwin DOT com X-Mailman-Version: 2.1.29 List-Id: General Cygwin discussions and problem reports List-Archive: List-Post: List-Help: List-Subscribe: , From: Evyatar Gerzi via Cygwin Reply-To: Evyatar Gerzi Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "Cygwin" My apologies again, I am not sure to whom I should address the vulnerability. Because Thomas fixed it in MinTTY but I don't know who is responsible to implement it inside Cygwin. I appreciate your help, thanks, Eviatar Gerzi On Thu, Feb 25, 2021 at 1:10 PM Evyatar Gerzi wrote: > Sorry, I just noticed that Thomas is one of the authors and he is already > familiar with this issue and fixed it. > I will send him separate mail and ask him if there is also a fix for > Cygwin. > > Thanks, > > Eviatar > > On Thu, Feb 25, 2021 at 12:08 PM Evyatar Gerzi > wrote: > >> Hello, >> >> I saw that you have a mailing list for bug reporting but the bug that I >> found is a security vulnerability, to whom I need to report it? >> I don't know if it is good that it will be "read by many people", but >> it's your call. >> >> Thanks, >> >> Eviatar Gerzi >> >> -- Problem reports: https://cygwin.com/problems.html FAQ: https://cygwin.com/faq/ Documentation: https://cygwin.com/docs.html Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple