Am 25.02.2021 um 13:57 schrieb Evyatar Gerzi via Cygwin:
My apologies again, I am not sure to whom I should address the
vulnerability.
Because Thomas fixed it in MinTTY but I don't know who is responsible to
implement it inside Cygwin.
The fix is included in 3.4.6, released as a Cygwin package.
Just not to worry too much, it was a denial-of-service style thing, not
an intrusion vulnerability.
Thomas
I appreciate your help, thanks,
Eviatar Gerzi
On Thu, Feb 25, 2021 at 1:10 PM Evyatar Gerzi <evyatar...@gmail.com> wrote:
Sorry, I just noticed that Thomas is one of the authors and he is already
familiar with this issue and fixed it.
I will send him separate mail and ask him if there is also a fix for
Cygwin.
Thanks,
Eviatar
On Thu, Feb 25, 2021 at 12:08 PM Evyatar Gerzi <evyatar...@gmail.com>
wrote:
Hello,
I saw that you have a mailing list for bug reporting but the bug that I
found is a security vulnerability, to whom I need to report it?
I don't know if it is good that it will be "read by many people", but
it's your call.
Thanks,
Eviatar Gerzi
--
Problem reports: https://cygwin.com/problems.html
FAQ: https://cygwin.com/faq/
Documentation: https://cygwin.com/docs.html
Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple
--
Problem reports: https://cygwin.com/problems.html
FAQ: https://cygwin.com/faq/
Documentation: https://cygwin.com/docs.html
Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple
