[SECURITY] p7zip: CVE-2015-1038

Corinna Vinschen corinna-cygwin@cygwin.com
Tue Feb 9 10:40:00 GMT 2016


On Feb  8 17:42, Tony Kelman wrote:
> >> Tony@LAPTOP-O230JCFF ~/github/cygwin-p7zip
> >> $ cygport p7zip-15.09-2.cygport upload
> >>>>> Uploading p7zip-15.09-2.x86_64
> >>>>> Running lftp sftp://cygwin@cygwin.com
> >> Password:
> >> cd: Fatal error: Host key verification failed
> > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> >
> > The host key you stored for sourceware isn't the right one for some
> > reason. Remove it with ssh-keygen -R and check for correctness when
> > you connect again, see the fingerprints at
> > https://sourceware.org/cygwin-apps/package-upload.html
> 
> Thanks for the help Corinna.
> 
> I don't have anything for sourceware or cygwin.com in
> ~/.ssh/known_hosts, should I?

In theory, yes.  It's usually collected the first time you connect to
the host.  The idea is to have a known key to compare the host against
to disallow MITM attacks.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat
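
The comparison described in the reply above, as an added example that is not part of the original message: it looks a host up in known_hosts text (plain or hashed entries) and checks the stored key's SHA256 fingerprint against a set of published fingerprints. The host names, key blobs and function names are constructed for illustration, and wildcard or negated host patterns are not handled.

```python
import base64, hashlib, hmac, struct

def fingerprint(key_b64):
    """OpenSSH-style SHA256 fingerprint of a base64 public key blob."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def host_matches(pattern, host):
    """Match one known_hosts host entry, plain or hashed ('|1|salt|mac')."""
    if pattern.startswith("|1|"):
        _, _, salt, mac = pattern.split("|")
        want = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(want, base64.b64decode(mac))
    return pattern == host

def check_host(known_hosts_text, host, published):
    """Return 'unknown', 'ok' or 'mismatch' for host against published fingerprints."""
    status = "unknown"
    for line in known_hosts_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith(("#", "@")):
            continue  # skip blanks, comments and @cert-authority/@revoked lines
        if any(host_matches(p, host) for p in fields[0].split(",")):
            if fingerprint(fields[2]) in published:
                return "ok"
            status = "mismatch"  # a key is stored, but it is not a published one
    return status

def sample_key(fill):
    """Constructed ed25519-shaped blob (not a real key), base64-encoded."""
    blob = (struct.pack(">I", 11) + b"ssh-ed25519"
            + struct.pack(">I", 32) + bytes([fill]) * 32)
    return base64.b64encode(blob).decode()

# Constructed sample data: PUBLISHED stands in for the fingerprints listed
# on the package-upload page; the host names are placeholders.
GOOD, ROGUE = sample_key(1), sample_key(2)
PUBLISHED = {fingerprint(GOOD)}
KNOWN_HOSTS = (f"upload.example.test ssh-ed25519 {GOOD}\n"
               f"mirror.example.test ssh-ed25519 {ROGUE}\n")

if __name__ == "__main__":
    for h in ("upload.example.test", "mirror.example.test", "new.example.test"):
        print(h, check_host(KNOWN_HOSTS, h, PUBLISHED))
```

A result of "unknown" corresponds to the empty known_hosts case in the thread: nothing is stored yet, so the fingerprint shown on first connect has to be checked by hand against the published list.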