Reporting security vulnerability

Thomas Wolff towo@towo.net
Thu Feb 25 13:15:39 GMT 2021

• Previous message (by thread): Reporting security vulnerability
• Next message (by thread): [ANNOUNCEMENT] lcms2 2.12-1
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

Am 25.02.2021 um 13:57 schrieb Evyatar Gerzi via Cygwin:
> My apologies again, I am not sure to whom I should address the
> vulnerability.
> Because Thomas fixed it in MinTTY but I don't know who is responsible to
> implement it inside Cygwin.
The fix is included in 3.4.6, released as a Cygwin package.
Just not to worry too much, it was a denial-of-service style thing, not 
an intrusion vulnerability.
Thomas
> I appreciate your help, thanks,
>> Eviatar Gerzi
>> On Thu, Feb 25, 2021 at 1:10 PM Evyatar Gerzi <evyatar575@gmail.com> wrote:
>>> Sorry, I just noticed that Thomas is one of the authors and he is already
>> familiar with this issue and fixed it.
>> I will send him separate mail and ask him if there is also a fix for
>> Cygwin.
>>>> Thanks,
>>>> Eviatar
>>>> On Thu, Feb 25, 2021 at 12:08 PM Evyatar Gerzi <evyatar575@gmail.com>
>> wrote:
>>>>> Hello,
>>>>>> I saw that you have a mailing list for bug reporting but the bug that I
>>> found is a security vulnerability, to whom I need to report it?
>>> I don't know if it is good that it will be "read by many people", but
>>> it's your call.
>>>>>> Thanks,
>>>>>> Eviatar Gerzi
>>>>>>> --
> Problem reports: https://cygwin.com/problems.html
> FAQ: https://cygwin.com/faq/
> Documentation: https://cygwin.com/docs.html
> Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple

---

• Previous message (by thread): Reporting security vulnerability
• Next message (by thread): [ANNOUNCEMENT] lcms2 2.12-1
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

More information about the Cygwin mailing list