SECURITY: gnutls

SECURITY: gnutls

[Yaakov (Cygwin/X)]

Dr. Volker Zell,

gnutls 2.8.6 is susceptible to CVE-2009-3555.  This has been fixed since
2.10.0, but the current stable releases are 2.12.11 (ABI-compatible with
2.8.6) and 3.0.4 (which breaks ABI compatibility).  For now, please
release 2.12.11 ASAP for all the apps currently dependent on
libgnutls26.


Yaakov

Re: SECURITY: gnutls

[Chris Sutcliffe]

On 16 October 2011 14:49, Yaakov (Cygwin/X) wrote:
> Dr. Volker Zell,
>
> gnutls 2.8.6 is susceptible to CVE-2009-3555.  This has been fixed since
> 2.10.0, but the current stable releases are 2.12.11 (ABI-compatible with
> 2.8.6) and 3.0.4 (which breaks ABI compatibility).  For now, please
> release 2.12.11 ASAP for all the apps currently dependent on
> libgnutls26.

Is Dr. Volker Zell still active?  The last post I can find from him
was from June of last year:

http://sourceware.org/ml/cygwin/2010-06/msg00009.html

Chris

-- 
Chris Sutcliffe
http://emergedesktop.org
http://www.google.com/profiles/ir0nh34d

Re: SECURITY: gnutls

[Corinna Vinschen]

On Oct 17 20:45, Chris Sutcliffe wrote:
> On 16 October 2011 14:49, Yaakov (Cygwin/X) wrote:
> > Dr. Volker Zell,
> >
> > gnutls 2.8.6 is susceptible to CVE-2009-3555.  This has been fixed since
> > 2.10.0, but the current stable releases are 2.12.11 (ABI-compatible with
> > 2.8.6) and 3.0.4 (which breaks ABI compatibility).  For now, please
> > release 2.12.11 ASAP for all the apps currently dependent on
> > libgnutls26.
> 
> Is Dr. Volker Zell still active?  The last post I can find from him
> was from June of last year:
> 
> http://sourceware.org/ml/cygwin/2010-06/msg00009.html

I had a short mail exchange with Volker in August.  He had some private
problems to deal with.  He wrote he would catch up at one point.

Volker, I CCed you so you can chime in, ok?


Thanks,
Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

Re: SECURITY: gnutls

[Dr. Volker Zell]

>>>>> Chris Sutcliffe writes:

    > On 16 October 2011 14:49, Yaakov (Cygwin/X) wrote:
    >> Dr. Volker Zell,
    >> 
    >> gnutls 2.8.6 is susceptible to CVE-2009-3555.  This has been fixed since
    >> 2.10.0, but the current stable releases are 2.12.11 (ABI-compatible with
    >> 2.8.6) and 3.0.4 (which breaks ABI compatibility).  For now, please
    >> release 2.12.11 ASAP for all the apps currently dependent on
    >> libgnutls26.

    > Is Dr. Volker Zell still active?  The last post I can find from him
    > was from June of last year:

    > http://sourceware.org/ml/cygwin/2010-06/msg00009.html

I'm about to upload...but libtasn1 first.
    
    > Chris

Ciao
  Volker