This is the mail archive of the
cygwin-developers
mailing list for the Cygwin project.
Re: cygwin1.dll up to 1.5.22 overflow
Dear Corinna,
I understand from this that you are asking for that details about
explotation, pof, etc. of a vulnerability of a software should be
directly disclosed in the list? Sounds some kind of dangerous.
I didn't usually include in "bugs" a bof that permits execute code.
I'll do this as you requested omitting sensible information.
Thanks,
Corinna Vinschen escribió:
> On Nov 8 12:23, Daniel Fdez. Bleda wrote:
>> Dear Cygwin developers,
>>
>> One members of our team discovered a serious vulnerability, not
>> published and docummented in Cygwin up to 1.5.22. It seam to be
>> corrected in recent versions but we don't know if collateral to other
>> correction or directly patched.
>>
>> As the cygwin site is absolutely unclear about where send bugs, but is
>> absolutely clear what not to send I wonder where I should send this info.
>
> The cygwin AT cygwin DOT com mailing list is the right place, as described
> on http://cygwin.com/lists.html.
>
>> ____________________________________
>> Este mensaje y los documentos que, en su caso lleve anexos, pueden
>> [etc...]
>
> Plese refrain from sending this sort of disclaimers to mailing lists,
> as described on http://sourceware.org/lists.html.
>
>
> Thanks,
> Corinna
>