This is the mail archive of the cygwin-apps mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Security vulnerability: libtasn1


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

A flaw in the parsing of Distinguished Encoding Rules (DER) has been
discovered in libtasn1, potentially resulting in the execution of
arbitrary code.

Solution: upgrade to 0.2.18.

More information:
http://security.gentoo.org/glsa/glsa-200602-08.xml
http://www.gnu.org/software/gnutls/security.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0645

What's written there about gnutls also being affected shouldn't apply to
us, since our gnutls uses the external libtasn1 instead of the included
copy, but please double-check.


Yaakov
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Cygwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFD9PyhpiWmPGlmQSMRAhVbAJ9fe77ehZZe+3WicaICVrGUWlTcLwCgwaEh
rxAVKELb7o0yU//0XTE2BP8=
=E+P0
-----END PGP SIGNATURE-----


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]