This is the mail archive of the cygwin-apps mailing list for the Cygwin project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

RE: [SECURITY] p7zip: CVE-2015-1038

From: Tony Kelman <tony at kelman dot net>
To: "cygwin-apps at cygwin dot com" <cygwin-apps at cygwin dot com>
Date: Wed, 10 Feb 2016 19:59:37 -0800
Subject: RE: [SECURITY] p7zip: CVE-2015-1038
Authentication-results: sourceware.org; auth=none
References: <56AB9A3F dot 3040808 at cygwin dot com> <BAY169-W135C2459F190107A746FE76A7DB0 at phx dot gbl> <BAY169-W401D7F793D3E837DBF61F5A7DC0 at phx dot gbl> <BAY169-W408B5913ECB16EC67C8CD4A7DC0 at phx dot gbl> <20160208135409 dot GI27646 at calimero dot vinschen dot de> <BAY169-W61D70AFE36EB965B52B599A7D60 at phx dot gbl>,<87twlgwfsp dot fsf at Rainer dot invalid>

> What means "NMU"?

Sorry, that's a Debian term for "non-maintainer upload." I don't know
if we ever do those in Cygwin?

> Recently the default configuration has been changed to only have hashes
> in that file. You could change it back or use ssh management commands
> to remove the existing entries for sourceware or cygwin that are hashed
> into the file.

I'm not very familiar with the intricacies of ssh auth options, as you
can probably guess. I tried removing ~/.ssh/known_hosts (backing up to
a different file name) but no change. Is there a cygport or sftp or ssh
option via command line or environment variable that I can set for more
verbose debugging output that might tell us what's going on here?

Thanks,
Tony

Follow-Ups:
- Re: [SECURITY] p7zip: CVE-2015-1038
  - From: Achim Gratz

References:
- Re: [SECURITY] p7zip: CVE-2015-1038
  - From: Corinna Vinschen
- RE: [SECURITY] p7zip: CVE-2015-1038
  - From: Tony Kelman
- Re: [SECURITY] p7zip: CVE-2015-1038
  - From: Achim Gratz

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]