[SECURITY] p7zip: CVE-2015-1038

Tony Kelman tony@kelman.net
Tue Feb 9 22:48:00 GMT 2016

>> I don't have anything for sourceware or cygwin.com in
>> ~/.ssh/known_hosts, should I?
> In theory, yes. It's usually collected the first time you connect to
> the host. The idea is to have a known key to compare the host against
> to disallow MITM attacks.

Hm okay, what's the best way to get this fixed then? Generate new
ssh keys? Or someone else can NMU this since it's a security issue,
my cygport including the new patch is at https://github.com/tkelman/cygwin-p7zip



More information about the Cygwin-apps mailing list