Subject: Re: Reporting security vulnerability
To: cygwin AT cygwin DOT com
From: Thomas Wolff
Message-ID: <387526a8-dd8a-f8bd-f174-ddd9e96ec190@towo.net>
Date: Thu, 25 Feb 2021 14:15:39 +0100
List-Id: General Cygwin discussions and problem reports

On 25.02.2021 at 13:57, Evyatar Gerzi via Cygwin wrote:
> My apologies again, I am not sure to whom I should address the
> vulnerability.
> Because Thomas fixed it in MinTTY but I don't know who is responsible to
> implement it inside Cygwin.

The fix is included in 3.4.6, released as a Cygwin package.
Just not to worry too much, it was a denial-of-service style thing, not
an intrusion vulnerability.
Thomas

> I appreciate your help, thanks,
>
> Eviatar Gerzi
>
> On Thu, Feb 25, 2021 at 1:10 PM Evyatar Gerzi wrote:
>
>> Sorry, I just noticed that Thomas is one of the authors and he is already
>> familiar with this issue and fixed it.
>> I will send him separate mail and ask him if there is also a fix for
>> Cygwin.
>>
>> Thanks,
>>
>> Eviatar
>>
>> On Thu, Feb 25, 2021 at 12:08 PM Evyatar Gerzi
>> wrote:
>>
>>> Hello,
>>>
>>> I saw that you have a mailing list for bug reporting but the bug that I
>>> found is a security vulnerability, to whom I need to report it?
>>> I don't know if it is good that it will be "read by many people", but
>>> it's your call.
>>>
>>> Thanks,
>>>
>>> Eviatar Gerzi
>>>
>>>
> --
> Problem reports: https://cygwin.com/problems.html
> FAQ: https://cygwin.com/faq/
> Documentation: https://cygwin.com/docs.html
> Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple