This is the mail archive of the cygwin-apps mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

RE: [SECURITY] p7zip: CVE-2015-1038


>> I don't have anything for sourceware or cygwin.com in
>> ~/.ssh/known_hosts, should I?
>
> In theory, yes. It's usually collected the first time you connect to
> the host. The idea is to have a known key to compare the host against
> to disallow MITM attacks.

Hm okay, what's the best way to get this fixed then? Generate new
ssh keys? Or someone else can NMU this since it's a security issue,
my cygport including the new patch is at https://github.com/tkelman/cygwin-p7zip

-Tony

 		 	   		  

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]