[SECURITY] gnutls
Yaakov Selkowitz
yselkowitz@cygwin.com
Wed May 3 21:37:00 GMT 2017
On 2017-03-24 14:00, Yaakov Selkowitz wrote:
> On 2017-03-10 16:01, Yaakov Selkowitz wrote:
>> On 2017-02-22 12:46, Yaakov Selkowitz wrote:
>>> On 2016-09-26 14:13, Yaakov Selkowitz wrote:
>>>> On 2016-09-26 02:00, Yaakov Selkowitz wrote:
>>>>> Dr. Volker,
>>>>>
>>>>> Two security issues have been reported in GnuTLS:
>>>>>
>>>>> https://www.gnutls.org/security.html#GNUTLS-SA-2016-2
>>>>> https://www.gnutls.org/security.html#GNUTLS-SA-2016-3
>>>>>
>>>>> At this point, I think the best way to proceed would be to:
>>>>>
>>>>> 1) release 3.3.24 with the patch for the latter, then;
>>>>> 2) update to 3.4.15, which involves an ABI break.
>>>>
>>>> nettle is also overdue for an update (it's also blocking an update to
>>>> filezilla); getting that in after 3.3.24 and prior to 3.4 would be
>>>> best.
>>>
>>> Ping? More vulnerabilities have been announced, so we need to revise
>>> the above to 3.3.26 and 3.5.9.
>>
>> Ping 2?
>
> Ping 3?
I have uploaded the latest versions of nettle and gnutls to fix these
issues.
--
Yaakov
More information about the Cygwin-apps
mailing list