This is the mail archive of the cygwin-apps mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [SECURITY] p7zip: CVE-2015-1038


On Feb  9 14:48, Tony Kelman wrote:
> >> I don't have anything for sourceware or cygwin.com in
> >> ~/.ssh/known_hosts, should I?
> >
> > In theory, yes. It's usually collected the first time you connect to
> > the host. The idea is to have a known key to compare the host against
> > to disallow MITM attacks.
> 
> Hm okay, what's the best way to get this fixed then? Generate new
> ssh keys? Or someone else can NMU this since it's a security issue,
> my cygport including the new patch is at
> https://github.com/tkelman/cygwin-p7zip

I'm not sure in fact.  The error you got was related to the host keys,
not the user keys.  Changing the keys would probably not help, though
we can try that, of course.  What means "NMU"?


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

Attachment: signature.asc
Description: PGP signature


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]