From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <cygwin-apps-return-36996-listarch-cygwin-apps=sources.redhat.com@cygwin.com>
Received: (qmail 66179 invoked by alias); 9 Feb 2016 22:48:17 -0000
Mailing-List: contact cygwin-apps-help@cygwin.com; run by ezmlm
Precedence: bulk
Sender: cygwin-apps-owner@cygwin.com
List-Id: <cygwin-apps.cygwin.com>
List-Subscribe: <mailto:cygwin-apps-subscribe@cygwin.com>
List-Archive: <http://sourceware.org/ml/cygwin-apps/>
List-Post: <mailto:cygwin-apps@cygwin.com>
List-Help: <mailto:cygwin-apps-help@cygwin.com>, <http://sourceware.org/lists.html#faqs>
Mail-Followup-To: cygwin-apps@cygwin.com
Received: (qmail 66083 invoked by uid 89); 9 Feb 2016 22:48:16 -0000
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=2.8 required=5.0 tests=AWL,BAYES_60,KAM_LAZY_DOMAIN_SECURITY,RCVD_IN_DNSWL_LOW autolearn=no version=3.3.2 spammy=collected, H*RU:sk:BAY004-, Hx-spam-relays-external:sk:BAY004-, tony
X-HELO: BAY004-OMC4S16.hotmail.com
Received: from bay004-omc4s16.hotmail.com (HELO BAY004-OMC4S16.hotmail.com) (65.54.190.218) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with (AES256-SHA256 encrypted) ESMTPS; Tue, 09 Feb 2016 22:48:15 +0000
Received: from BAY169-W122 ([65.54.190.201]) by BAY004-OMC4S16.hotmail.com over TLS secured channel with Microsoft SMTPSVC(7.5.7601.23008);	 Tue, 9 Feb 2016 14:48:13 -0800
X-TMN: [i90kMJbncdtN+3wSVwVzga1e6OvP/UovCumAK7rvceg=]
Message-ID: <BAY169-W1226B2C49C76FFFF5DE4282A7D60@phx.gbl>
From: Tony Kelman <tony@kelman.net>
To: "cygwin-apps@cygwin.com" <cygwin-apps@cygwin.com>
Subject: RE: [SECURITY] p7zip: CVE-2015-1038
Date: Tue, 09 Feb 2016 22:48:00 -0000
In-Reply-To: <20160209104055.GB20838@calimero.vinschen.de>
References: <56AB9A3F.3040808@cygwin.com> <BAY169-W135C2459F190107A746FE76A7DB0@phx.gbl> <BAY169-W401D7F793D3E837DBF61F5A7DC0@phx.gbl> <BAY169-W408B5913ECB16EC67C8CD4A7DC0@phx.gbl> <20160208135409.GI27646@calimero.vinschen.de> <BAY169-W61D70AFE36EB965B52B599A7D60@phx.gbl>,<20160209104055.GB20838@calimero.vinschen.de>
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-IsSubscribed: yes
X-SW-Source: 2016-02/txt/msg00022.txt.bz2

>> I don't have anything for sourceware or cygwin.com in
>> ~/.ssh/known_hosts, should I?
>
> In theory, yes. It's usually collected the first time you connect to
> the host. The idea is to have a known key to compare the host against
> to disallow MITM attacks.

Hm okay, what's the best way to get this fixed then? Generate new
ssh keys? Or someone else can NMU this since it's a security issue,
my cygport including the new patch is at https://github.com/tkelman/cygwin-=
p7zip

-Tony

=20=09=09=20=09=20=20=20=09=09=20=20