[ANNOUNCEMENT] [SECURITY] Updated: openssl-1.0.1h-1, libopenssl098-0.9.8za-1

Andrew Schulman schulman.andrew@epa.gov
Fri Jun 6 15:42:00 GMT 2014


> The following packages have been updated in the Cygwin distribution:
> 
> * openssl-1.0.1h-1
> * libopenssl098-0.9.8za-1 (x86 only)
> * libopenssl100-1.0.1h-1
> * openssl-devel-1.0.1h-1
> 
> The OpenSSL toolkit provides support for secure communications between 
> machines. OpenSSL includes a certificate management tool and shared 
> libraries which provide various cryptographic algorithms and protocols.
> 
> This release includes fixes for several CVEs, including CVE-2014-0224 
> (SSL/TLS man-in-the-middle).  Full details on these fixes are available 
> here:
> 
> https://www.openssl.org/news/secadv_20140605.txt

I don't see any reason here that programs that depend on libopenssl100,
such as stunnel, would need to be rebuit for this update.  Do you?


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple



More information about the Cygwin mailing list