[SECURITY] gnutls
Yaakov Selkowitz
yselkowitz@cygwin.com
Fri Mar 24 19:00:00 GMT 2017
On 2017-03-10 16:01, Yaakov Selkowitz wrote:
> On 2017-02-22 12:46, Yaakov Selkowitz wrote:
>> On 2016-09-26 14:13, Yaakov Selkowitz wrote:
>>> On 2016-09-26 02:00, Yaakov Selkowitz wrote:
>>>> Dr. Volker,
>>>>
>>>> Two security issues have been reported in GnuTLS:
>>>>
>>>> https://www.gnutls.org/security.html#GNUTLS-SA-2016-2
>>>> https://www.gnutls.org/security.html#GNUTLS-SA-2016-3
>>>>
>>>> At this point, I think the best way to proceed would be to:
>>>>
>>>> 1) release 3.3.24 with the patch for the latter, then;
>>>> 2) update to 3.4.15, which involves an ABI break.
>>>
>>> nettle is also overdue for an update (it's also blocking an update to
>>> filezilla); getting that in after 3.3.24 and prior to 3.4 would be best.
>>
>> Ping? More vulnerabilities have been announced, so we need to revise
>> the above to 3.3.26 and 3.5.9.
>
> Ping 2?
Ping 3?
--
Yaakov
More information about the Cygwin-apps
mailing list