On 2026-01-22 13:30, Marco Atzeri via Cygwin wrote:
On 22/01/2026 18:46, ASSI via Cygwin wrote:
Marco Atzeri via Cygwin writes:
On 22/01/2026 17:50, FOPPE, JEFFREY B CIV USAF AFMC AFLCMC/WFRQ via
Cygwin wrote:
CVE-2025-13151 points out a vulnerability in libtasn1 versions 4.20
and earlier. The version provided through Cygwin is much earlier.
It doesn't look like this package has been updated since 2019 and is
listed as Orphaned. A lot of other packages seem to depend on it.
Does anyone know if a developer will look at updating this?
Looking on it
It looks like it'll be a few more days before the release is done
upstream.
My understanding is that 4.21.0 is safe from this
https://lists.gnu.org/archive/html/help-libtasn1/2026-01/msg00001.html
I am testing the package build on Scallywag
https://cygwin.com/cgi-bin2/jobs.cgi
Locally it passed all tests.
Could also do with an update to gnutls 3.8.11?
--
Take care. Thanks, Brian Inglis Calgary, Alberta, Canada
La perfection est atteinte Perfection is achieved
non pas lorsqu'il n'y a plus rien à ajouter not when there is no more to add
mais lorsqu'il n'y a plus rien à retrancher but when there is no more to cut
-- Antoine de Saint-Exupéry
--
Problem reports: https://cygwin.com/problems.html
FAQ: https://cygwin.com/faq/
Documentation: https://cygwin.com/docs.html
Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple
