cygwin1.dll up to 1.5.22 overflow

Corinna Vinschen
Thu Nov 8 11:48:00 GMT 2007

On Nov  8 12:23, Daniel Fdez. Bleda wrote:
> Dear Cygwin developers,
> One members of our team discovered a serious vulnerability, not
> published and docummented in Cygwin up to 1.5.22. It seam to be
> corrected in recent versions but we don't know if collateral to other
> correction or directly patched.
> As the cygwin site is absolutely unclear about where send bugs, but is
> absolutely clear what not to send I wonder where I should send this info.

The cygwin AT cygwin DOT com mailing list is the right place, as described

>           ____________________________________
> Este mensaje y los documentos que, en su caso lleve anexos, pueden
> [etc...]

Plese refrain from sending this sort of disclaimers to mailing lists,
as described on


Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

More information about the Cygwin-developers mailing list