Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Date: Wed, 17 Sep 2003 00:11:43 +0200
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: new openssh vulnerability
Message-ID: <20030916221143.GW9981@cygbert.vinschen.de>
Reply-To: cygwin AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
References: <3F678317 DOT 6040001 AT aol DOT com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <3F678317.6040001@aol.com>
User-Agent: Mutt/1.4.1i

On Tue, Sep 16, 2003 at 05:39:35PM -0400, Tony Schmitt wrote:
> Corinna - I was informed of an SSH hole today. Referring to
> http://www.securityfocus.com/advisories:
> 
> "...a buffer management error found in versions of OpenSSH earlier than
> 3.7. The possibility exists that this error could allow a remote exploit..."
> 
> Were you aware of this?

Yes, but not for long.  I'm subscribed to the portable openssh
developers mailing list but for some reason I'm getting the postings
currently with about 30 hours(!) delay.  For that reason I learned
about the release of 3.7p1 and the security advisory just 2 hours
ago.

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin AT cygwin DOT com
Red Hat, Inc.

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/