This is the mail archive of the
mailing list for the Cygwin project.
Re: [SECURITY] gnutls
- From: Yaakov Selkowitz <yselkowitz at cygwin dot com>
- To: cygwin-apps at cygwin dot com
- Date: Fri, 10 Mar 2017 16:01:15 -0600
- Subject: Re: [SECURITY] gnutls
- Authentication-results: sourceware.org; auth=none
- References: <firstname.lastname@example.org> <email@example.com> <firstname.lastname@example.org>
On 2017-02-22 12:46, Yaakov Selkowitz wrote:
On 2016-09-26 14:13, Yaakov Selkowitz wrote:
On 2016-09-26 02:00, Yaakov Selkowitz wrote:
Two security issues have been reported in GnuTLS:
At this point, I think the best way to proceed would be to:
1) release 3.3.24 with the patch for the latter, then;
2) update to 3.4.15, which involves an ABI break.
nettle is also overdue for an update (it's also blocking an update to
filezilla); getting that in after 3.3.24 and prior to 3.4 would be best.
Ping? More vulnerabilities have been announced, so we need to revise
the above to 3.3.26 and 3.5.9.