Subject: Re: Reporting security vulnerability
From: Thomas Wolff
To: cygwin@cygwin.com
Date: Thu, 25 Feb 2021 14:15:39 +0100
Message-ID: <387526a8-dd8a-f8bd-f174-ddd9e96ec190@towo.net>

On 25.02.2021 at 13:57, Evyatar Gerzi via Cygwin wrote:
> My apologies again, I am not sure to whom I should address the
> vulnerability.
> Because Thomas fixed it in MinTTY but I don't know who is responsible to
> implement it inside Cygwin.

The fix is included in 3.4.6, released as a Cygwin package.
Just not to worry too much, it was a denial-of-service style thing, not
an intrusion vulnerability.
Thomas

> I appreciate your help, thanks,
>
> Eviatar Gerzi
>
> On Thu, Feb 25, 2021 at 1:10 PM Evyatar Gerzi wrote:
>
>> Sorry, I just noticed that Thomas is one of the authors and he is already
>> familiar with this issue and fixed it.
>> I will send him separate mail and ask him if there is also a fix for
>> Cygwin.
>>
>> Thanks,
>>
>> Eviatar
>>
>> On Thu, Feb 25, 2021 at 12:08 PM Evyatar Gerzi
>> wrote:
>>
>>> Hello,
>>>
>>> I saw that you have a mailing list for bug reporting but the bug that I
>>> found is a security vulnerability, to whom I need to report it?
>>> I don't know if it is good that it will be "read by many people", but
>>> it's your call.
>>>
>>> Thanks,
>>>
>>> Eviatar Gerzi