This is the mail archive of the
cygwin-developers
mailing list for the Cygwin project.
Re: cygwin1.dll up to 1.5.22 overflow
- From: Corinna Vinschen <corinna-cygwin at cygwin dot com>
- To: cygwin-developers at cygwin dot com
- Date: Thu, 8 Nov 2007 12:47:56 +0100
- Subject: Re: cygwin1.dll up to 1.5.22 overflow
- References: <4732F1CB.90305@isecauditors.com>
- Reply-to: cygwin-developers at cygwin dot com
On Nov 8 12:23, Daniel Fdez. Bleda wrote:
> Dear Cygwin developers,
>
> One members of our team discovered a serious vulnerability, not
> published and docummented in Cygwin up to 1.5.22. It seam to be
> corrected in recent versions but we don't know if collateral to other
> correction or directly patched.
>
> As the cygwin site is absolutely unclear about where send bugs, but is
> absolutely clear what not to send I wonder where I should send this info.
The cygwin AT cygwin DOT com mailing list is the right place, as described
on http://cygwin.com/lists.html.
> ____________________________________
> Este mensaje y los documentos que, en su caso lleve anexos, pueden
> [etc...]
Plese refrain from sending this sort of disclaimers to mailing lists,
as described on http://sourceware.org/lists.html.
Thanks,
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Project Co-Leader cygwin AT cygwin DOT com
Red Hat