From: Adam Dinwoodie
Date: Thu, 25 Feb 2021 10:18:16 +0000
Subject: Re: Reporting security vulnerability
To: "Cygwin (cygwin@cygwin.com)"

On Thu, 25 Feb 2021 at 10:12, Evyatar Gerzi via Cygwin wrote:
> Hello,
>
> I saw that you have a mailing list for bug reporting but the bug that I
> found is a security vulnerability, to whom I need to report it?
> I don't know if it is good that it will be "read by many people", but it's
> your call.

Hi Evyatar,

Can you narrow down where the security vulnerability is? Different
parts of Cygwin have different maintainers – each package has its own
maintainer, as well as separate ownership of the core Cygwin DLL and
things like the Cygwin website – and I expect different maintainers
might prefer different approaches.

Adam