This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: openSSH Vulnerability

From: Corinna Vinschen <corinna-cygwin at cygwin dot com>
To: Bruce Halco <bruce at halcomp dot com>
Cc: cygwin at cygwin dot com
Date: Wed, 20 Mar 2019 15:18:50 +0100
Subject: Re: openSSH Vulnerability
References: <cdd0f8a3-8e3c-5b9c-7633-40af3424f780@halcomp.com>
Reply-to: cygwin at cygwin dot com

On Mar 20 09:13, Bruce Halco wrote:
> openSSH 7.9 is subject to vulnerability CVE-2019-6111. This has been fixed
> in at least some distributions, Debian at least.

Fedora (which is our role model) doesn't and the vulnerability is not
deemed that critical by the upstream maintainers:

https://lists.mindrot.org/pipermail/openssh-unix-dev/2019-January/037475.html

Fedora's 7.9p1 has an additional patch for CVE-2018-20685 only.

I was planning to wait for OpenSSH 8.0.  It was originally slated
for end of January or at least February, but there's no hint from the
upstream maintainers yet in terms of the (obviously changed) release
planning for 8.0.

I can push a 7.9 with the Fedora patch for CVE-2018-20685 if that
helps.

Corinna

-- 
Corinna Vinschen
Cygwin Maintainer

Attachment: signature.asc
Description: PGP signature

Follow-Ups:
- Re: openSSH Vulnerability
  - From: Bruce Halco

References:
- openSSH Vulnerability
  - From: Bruce Halco

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]