This is the mail archive of the cygwin-apps mailing list for the Cygwin project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [SECURITY] gnutls

From: Yaakov Selkowitz <yselkowitz at cygwin dot com>
To: cygwin-apps at cygwin dot com
Date: Fri, 10 Mar 2017 16:01:15 -0600
Subject: Re: [SECURITY] gnutls
Authentication-results: sourceware.org; auth=none
References: <dad87a97-9272-263c-7e68-7c7e578da46a@cygwin.com> <e7c5dded-d562-4c34-15e9-8a931e692154@cygwin.com> <de3d6f0f-0803-9d66-0a29-5a81af2a4c8f@cygwin.com>

On 2017-02-22 12:46, Yaakov Selkowitz wrote:

On 2016-09-26 14:13, Yaakov Selkowitz wrote:

On 2016-09-26 02:00, Yaakov Selkowitz wrote:

Dr. Volker,

Two security issues have been reported in GnuTLS:

https://www.gnutls.org/security.html#GNUTLS-SA-2016-2
https://www.gnutls.org/security.html#GNUTLS-SA-2016-3

At this point, I think the best way to proceed would be to:

1) release 3.3.24 with the patch for the latter, then;
2) update to 3.4.15, which involves an ABI break.


nettle is also overdue for an update (it's also blocking an update to
filezilla); getting that in after 3.3.24 and prior to 3.4 would be best.


Ping?  More vulnerabilities have been announced, so we need to revise
the above to 3.3.26 and 3.5.9.


Ping 2?

--
Yaakov

Follow-Ups:
- Re: [SECURITY] gnutls
  - From: Yaakov Selkowitz

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]