Reporting security vulnerability
Thu Feb 25 13:15:39 GMT 2021
Am 25.02.2021 um 13:57 schrieb Evyatar Gerzi via Cygwin:
> My apologies again, I am not sure to whom I should address the
> Because Thomas fixed it in MinTTY but I don't know who is responsible to
> implement it inside Cygwin.
The fix is included in 3.4.6, released as a Cygwin package.
Just not to worry too much, it was a denial-of-service style thing, not
an intrusion vulnerability.
> I appreciate your help, thanks,
> Eviatar Gerzi
> On Thu, Feb 25, 2021 at 1:10 PM Evyatar Gerzi <firstname.lastname@example.org> wrote:
>> Sorry, I just noticed that Thomas is one of the authors and he is already
>> familiar with this issue and fixed it.
>> I will send him separate mail and ask him if there is also a fix for
>> On Thu, Feb 25, 2021 at 12:08 PM Evyatar Gerzi <email@example.com>
>>> I saw that you have a mailing list for bug reporting but the bug that I
>>> found is a security vulnerability, to whom I need to report it?
>>> I don't know if it is good that it will be "read by many people", but
>>> it's your call.
>>> Eviatar Gerzi
> Problem reports: https://cygwin.com/problems.html
> FAQ: https://cygwin.com/faq/
> Documentation: https://cygwin.com/docs.html
> Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple
More information about the Cygwin