On Fri, 23 Jan 2026, 10:22 Brian Inglis via Cygwin, <[email protected]> wrote:
> On 2026-01-22 13:30, Marco Atzeri via Cygwin wrote: > > On 22/01/2026 18:46, ASSI via Cygwin wrote: > >> Marco Atzeri via Cygwin writes: > >>> On 22/01/2026 17:50, FOPPE, JEFFREY B CIV USAF AFMC AFLCMC/WFRQ via > >>> Cygwin wrote: > >>>> CVE-2025-13151 points out a vulnerability in libtasn1 versions 4.20 > >>>> and earlier. The version provided through Cygwin is much earlier. > >>>> It doesn't look like this package has been updated since 2019 and is > >>>> listed as Orphaned. A lot of other packages seem to depend on it. > >>>> Does anyone know if a developer will look at updating this? > >> > >>> Looking on it > >> > >> It looks like it'll be a few more days before the release is done > >> upstream. > > > My understanding is that 4.21.0 is safe from this > > > > https://lists.gnu.org/archive/html/help-libtasn1/2026-01/msg00001.html > > > > I am testing the package build on Scallywag > > https://cygwin.com/cgi-bin2/jobs.cgi > > > > Locally it passed all tests. > > Could also do with an update to gnutls 3.8.11? > I will look during weekend -- Problem reports: https://cygwin.com/problems.html FAQ: https://cygwin.com/faq/ Documentation: https://cygwin.com/docs.html Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple
