This is the mail archive of the
mailing list for the Cygwin project.
RE: [SECURITY] p7zip: CVE-2015-1038
- From: Tony Kelman <tony at kelman dot net>
- To: "cygwin-apps at cygwin dot com" <cygwin-apps at cygwin dot com>
- Date: Wed, 10 Feb 2016 19:59:37 -0800
- Subject: RE: [SECURITY] p7zip: CVE-2015-1038
- Authentication-results: sourceware.org; auth=none
- References: <56AB9A3F dot 3040808 at cygwin dot com> <BAY169-W135C2459F190107A746FE76A7DB0 at phx dot gbl> <BAY169-W401D7F793D3E837DBF61F5A7DC0 at phx dot gbl> <BAY169-W408B5913ECB16EC67C8CD4A7DC0 at phx dot gbl> <20160208135409 dot GI27646 at calimero dot vinschen dot de> <BAY169-W61D70AFE36EB965B52B599A7D60 at phx dot gbl>,<87twlgwfsp dot fsf at Rainer dot invalid>
> What means "NMU"?
Sorry, that's a Debian term for "non-maintainer upload." I don't know
if we ever do those in Cygwin?
> Recently the default configuration has been changed to only have hashes
> in that file. You could change it back or use ssh management commands
> to remove the existing entries for sourceware or cygwin that are hashed
> into the file.
I'm not very familiar with the intricacies of ssh auth options, as you
can probably guess. I tried removing ~/.ssh/known_hosts (backing up to
a different file name) but no change. Is there a cygport or sftp or ssh
option via command line or environment variable that I can set for more
verbose debugging output that might tell us what's going on here?