On 22/01/2026 18:46, ASSI via Cygwin wrote:
Marco Atzeri via Cygwin writes:
On 22/01/2026 17:50, FOPPE, JEFFREY B CIV USAF AFMC AFLCMC/WFRQ via
Cygwin wrote:
CVE-2025-13151 points out a vulnerability in libtasn1 versions 4.20
and earlier. The version provided through Cygwin is much earlier.
It doesn't look like this package has been updated since 2019 and is
listed as Orphaned. A lot of other packages seem to depend on it.
Does anyone know if a developer will look at updating this?
Looking on it
It looks like it'll be a few more days before the release is done
upstream.
Regards,
Achim.
Thanks Achim,
My understanding is that 4.21.0 is safe from this
https://lists.gnu.org/archive/html/help-libtasn1/2026-01/msg00001.html
I am testing the package build on Scallywag
https://cygwin.com/cgi-bin2/jobs.cgi
Locally it passed all tests.
Regards
Marco
--
Problem reports: https://cygwin.com/problems.html
FAQ: https://cygwin.com/faq/
Documentation: https://cygwin.com/docs.html
Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple
