[SECURITY] p7zip: CVE-2015-1038
Tue Feb 9 10:40:00 GMT 2016
On Feb 8 17:42, Tony Kelman wrote:
> >> Tony@LAPTOP-O230JCFF ~/github/cygwin-p7zip
> >> $ cygport p7zip-15.09-2.cygport upload
> >>>>> Uploading p7zip-15.09-2.x86_64
> >>>>> Running lftp sftp://firstname.lastname@example.org
> >> Password:
> >> cd: Fatal error: Host key verification failed
> > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> > The host key you stored for sourceware isn't the right one for some
> > reason. Remove it with ssh-keygen -R and check for correctness when
> > you connect again, see the fingerprints at
> > https://sourceware.org/cygwin-apps/package-upload.html
> Thanks for the help Corinna.
> I don't have anything for sourceware or cygwin.com in
> ~/.ssh/known_hosts, should I?
In theory, yes. It's usually collected the first time you connect to
the host. The idea is to have a known key to compare the host against
to disallow MITM attacks.
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 819 bytes
Desc: not available
More information about the Cygwin-apps