Date: Thu, 03 Apr 2008 12:17:00 -0000
From: Corinna Vinschen
To: cygwin-announce@cygwin.com
Subject: Updated: OpenSSH-5.0p1-1
Message-ID: <20080403121343.GA23997@calimero.vinschen.de>

I've just updated the version of OpenSSH to 5.0p1-1.

This is a new major upstream release.  It fixes a security related issue
found right after the release of 4.9p1.

The Cygwin release is created from the vanilla sources.

The official release message of 5.0p1:

====================================================================
OpenSSH 5.0 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.

We apologise for any inconvenience resulting from this release being
made so shortly after 4.9. Unfortunately we only learned of the below
security issue from the public CVE report.

The Debian OpenSSH maintainers responsible for handling the initial
report of this bug failed to report it via either the private OpenSSH
security contact list (openssh@openssh.com) or the portable OpenSSH
Bugzilla (http://bugzilla.mindrot.org/).

We ask anyone wishing to report security bugs in OpenSSH to please use
the openssh@openssh.com contact and to practice responsible disclosure.

OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0
implementation and includes sftp client and server support.

Once again, we would like to thank the OpenSSH community for their
continued support of the project, especially those who contributed
code or patches, reported bugs, tested snapshots and purchased
T-shirts or posters.

T-shirt, poster and CD sales directly support the project. Pictures
and more information can be found at:
        http://www.openbsd.org/tshirts.html and
        http://www.openbsd.org/orders.html

For international orders use http://https.openbsd.org/cgi-bin/order
and for European orders, use http://https.openbsd.org/cgi-bin/order.eu

Changes since OpenSSH 4.9:
============================

Security:

 * CVE-2008-1483: Avoid possible hijacking of X11-forwarded connections
   by refusing to listen on a port unless all address families bind
   successfully.

Checksums:
==========

 - SHA1 (openssh-5.0.tar.gz) = 729fb3168edf6a68408223b5ed82e59d13b57c47
 - SHA1 (openssh-5.0p1.tar.gz) = 121cea3a730c0b0353334b6f46f438de30ab4928

Reporting Bugs:
===============

 - please read http://www.openssh.com/report.html
   and http://bugzilla.mindrot.org/

OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de Raadt,
Kevin Steves, Damien Miller, Darren Tucker, Jason McIntyre, Tim Rice and
Ben Lindstrom.
====================================================================

To update your installation, click on the "Install Cygwin now" link on
the http://cygwin.com/ web page.  This downloads setup.exe to your
system.  Then, run setup and answer all of the questions.

--
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat
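
The CVE-2008-1483 entry in the release message describes an all-or-nothing bind across address families. The C program below is an added example of that pattern, not code from OpenSSH or from this announcement. The function name listen_all_or_nothing, the loopback-only listener, and the display range 10 to 19 walked in main are assumptions made for the illustration.

```c
/* Added example, not OpenSSH source; function names are hypothetical. */
#include <netdb.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Listen on loopback `port` for every address family getaddrinfo() returns.
 * Returns the socket count, or -1 with nothing left open if any bind fails. */
int listen_all_or_nothing(int family, const char *port, int *fds, int max)
{
    struct addrinfo hints = { .ai_socktype = SOCK_STREAM }, *res, *ai;
    int n = 0, on = 1, failed = 0;

    hints.ai_family = family;           /* AF_UNSPEC asks for IPv4 and IPv6 */
    if (getaddrinfo(NULL, port, &hints, &res) != 0)
        return -1;
    for (ai = res; ai != NULL && n < max && !failed; ai = ai->ai_next) {
        int s = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
        if (s < 0)
            continue;                   /* family not supported by this kernel */
        if (ai->ai_family == AF_INET6)  /* keep ::1 separate from 127.0.0.1 */
            setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, &on, sizeof on);
        if (bind(s, ai->ai_addr, ai->ai_addrlen) < 0 || listen(s, 5) < 0) {
            close(s);
            failed = 1;                 /* one family is taken: refuse the port */
        } else
            fds[n++] = s;
    }
    freeaddrinfo(res);
    if (!failed && n > 0)
        return n;
    while (n > 0)                       /* release the families that did bind */
        close(fds[--n]);
    return -1;
}

/* Walk displays 10..19 (TCP port 6000 + display) until one binds everywhere. */
int main(void)
{
    char port[16];
    int fds[4], d, n = -1;
    for (d = 10; d < 20 && n < 0; d++) {
        snprintf(port, sizeof port, "%d", 6000 + d);
        n = listen_all_or_nothing(AF_UNSPEC, port, fds, 4);
    }
    printf("display %d: %d listening socket(s)\n", d - 1, n);
    return n < 0;
}
```

A listener that kept the families that did bind would share the port number with whichever local process already holds the other family, which is the situation the release note says the fix refuses.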