[SECURITY] p7zip: CVE-2015-1038
Wed Feb 10 10:40:00 GMT 2016
On Feb 9 14:48, Tony Kelman wrote:
> >> I don't have anything for sourceware or cygwin.com in
> >> ~/.ssh/known_hosts, should I?
> > In theory, yes. It's usually collected the first time you connect to
> > the host. The idea is to have a known key to compare the host against
> > to disallow MITM attacks.
> Hm okay, what's the best way to get this fixed then? Generate new
> ssh keys? Or someone else can NMU this since it's a security issue,
> my cygport including the new patch is at
I'm not sure in fact. The error you got was related to the host keys,
not the user keys. Changing the keys would probably not help, though
we can try that, of course. What means "NMU"?
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 819 bytes
Desc: not available
More information about the Cygwin-apps