Reporting security vulnerability
Thomas Wolff
towo@towo.net
Thu Feb 25 13:15:39 GMT 2021
Am 25.02.2021 um 13:57 schrieb Evyatar Gerzi via Cygwin:
> My apologies again, I am not sure to whom I should address the
> vulnerability.
> Because Thomas fixed it in MinTTY but I don't know who is responsible to
> implement it inside Cygwin.
The fix is included in 3.4.6, released as a Cygwin package.
Just not to worry too much, it was a denial-of-service style thing, not
an intrusion vulnerability.
Thomas
> I appreciate your help, thanks,
>
> Eviatar Gerzi
>
> On Thu, Feb 25, 2021 at 1:10 PM Evyatar Gerzi <evyatar575@gmail.com> wrote:
>
>> Sorry, I just noticed that Thomas is one of the authors and he is already
>> familiar with this issue and fixed it.
>> I will send him separate mail and ask him if there is also a fix for
>> Cygwin.
>>
>> Thanks,
>>
>> Eviatar
>>
>> On Thu, Feb 25, 2021 at 12:08 PM Evyatar Gerzi <evyatar575@gmail.com>
>> wrote:
>>
>>> Hello,
>>>
>>> I saw that you have a mailing list for bug reporting but the bug that I
>>> found is a security vulnerability, to whom I need to report it?
>>> I don't know if it is good that it will be "read by many people", but
>>> it's your call.
>>>
>>> Thanks,
>>>
>>> Eviatar Gerzi
>>>
>>>
> --
> Problem reports: https://cygwin.com/problems.html
> FAQ: https://cygwin.com/faq/
> Documentation: https://cygwin.com/docs.html
> Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple
More information about the Cygwin
mailing list