[SECURITY] p7zip: CVE-2015-1038
Tony Kelman
tony@kelman.net
Tue Feb 9 22:48:00 GMT 2016
>> I don't have anything for sourceware or cygwin.com in
>> ~/.ssh/known_hosts, should I?
>
> In theory, yes. It's usually collected the first time you connect to
> the host. The idea is to have a known key to compare the host against
> to disallow MITM attacks.

Hm okay, what's the best way to get this fixed then? Generate new
ssh keys? Or someone else can NMU this since it's a security issue.
My cygport including the new patch is at https://github.com/tkelman/cygwin-p7zip
-Tony