From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <cygwin-return-41713-listarch-cygwin=sourceware.cygnus.com@cygwin.com>
Received: (qmail 22767 invoked by alias); 14 Dec 2001 10:40:01 -0000
Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm
Precedence: bulk
List-Subscribe: <mailto:cygwin-subscribe@cygwin.com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin@cygwin.com>
List-Help: <mailto:cygwin-help@cygwin.com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner@cygwin.com
Received: (qmail 22697 invoked from network); 14 Dec 2001 10:39:57 -0000
Received: from unknown (HELO cygnus.com) (205.180.230.5)
  by sources.redhat.com with SMTP; 14 Dec 2001 10:39:57 -0000
Received: from cygbert.vinschen.de (cse.cygnus.com [205.180.230.236])
	by runyon.cygnus.com (8.8.7-cygnus/8.8.7) with ESMTP id CAA16530
	for <cygwin@cygwin.com>; Fri, 14 Dec 2001 02:39:50 -0800 (PST)
Received: (from corinna@localhost)
	by cygbert.vinschen.de (8.9.3/8.9.3/Linux sendmail 8.9.3) id LAA23036
	for cygwin@cygwin.com; Fri, 14 Dec 2001 11:39:14 +0100
Date: Fri, 14 Dec 2001 02:57:00 -0000
From: Corinna Vinschen <cygwin@cygwin.com>
To: cygwin@cygwin.com
Subject: Re: Exploitation of vulnerability in SSH1 CRC-32 compensation
Message-ID: <20011214113914.K740@cygbert.vinschen.de>
Mail-Followup-To: cygwin@cygwin.com
References: <3C19059B.21306.1306EC2@localhost>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <3C19059B.21306.1306EC2@localhost>; from pgarceau@qwest.net on Thu, Dec 13, 2001 at 07:46:35PM -0800
X-SW-Source: 2001-12/txt/msg00726.txt.bz2

On Thu, Dec 13, 2001 at 07:46:35PM -0800, Paul G. wrote:
> Hi folks, 
> 
> 	Not sure if this even applies for Cygwin, but thought I'd ask: 
> 
> 	SSH CRC32 attack detection code contains remote integer overflow 
> 
> 	Description:  http://www.kb.cert.org/vuls/id/945216 
> 
> 	Is the version of OpenSSH that is currently in use for Cygwin vulnerable? 

http://www.kb.cert.org/CERT_WEB/vul-notes.nsf/id/JPLA-53TPWS

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin@cygwin.com
Red Hat, Inc.

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/