[SECURITY] gnutls
Yaakov Selkowitz
yselkowitz@cygwin.com
Fri Mar 10 22:01:00 GMT 2017
On 2017-02-22 12:46, Yaakov Selkowitz wrote:
> On 2016-09-26 14:13, Yaakov Selkowitz wrote:
>> On 2016-09-26 02:00, Yaakov Selkowitz wrote:
>>> Dr. Volker,
>>>
>>> Two security issues have been reported in GnuTLS:
>>>
>>> https://www.gnutls.org/security.html#GNUTLS-SA-2016-2
>>> https://www.gnutls.org/security.html#GNUTLS-SA-2016-3
>>>
>>> At this point, I think the best way to proceed would be to:
>>>
>>> 1) release 3.3.24 with the patch for the latter, then;
>>> 2) update to 3.4.15, which involves an ABI break.
>>
>> nettle is also overdue for an update (it's also blocking an update to
>> filezilla); getting that in after 3.3.24 and prior to 3.4 would be best.
>
> Ping? More vulnerabilities have been announced, so we need to revise
> the above to 3.3.26 and 3.5.9.
Ping 2?
--
Yaakov
More information about the Cygwin-apps
mailing list