From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <cygwin-apps-return-29231-listarch-cygwin-apps=sources.redhat.com@cygwin.com>
Received: (qmail 21582 invoked by alias); 18 Oct 2011 17:00:26 -0000
Received: (qmail 21564 invoked by uid 22791); 18 Oct 2011 17:00:22 -0000
X-SWARE-Spam-Status: No, hits=-2.0 required=5.0	tests=AWL,BAYES_00,RP_MATCHES_RCVD,T_HK_NAME_DR,UNPARSEABLE_RELAY
X-Spam-Check-By: sourceware.org
Received: from acsinet15.oracle.com (HELO acsinet15.oracle.com) (141.146.126.227)    by sourceware.org (qpsmtpd/0.43rc1) with ESMTP; Tue, 18 Oct 2011 17:00:08 +0000
Received: from ucsinet21.oracle.com (ucsinet21.oracle.com [156.151.31.93])	by acsinet15.oracle.com (Switch-3.4.4/Switch-3.4.4) with ESMTP id p9IH05Yb015983	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK)	for <cygwin-apps@cygwin.com>; Tue, 18 Oct 2011 17:00:07 GMT
Received: from acsmt358.oracle.com (acsmt358.oracle.com [141.146.40.158])	by ucsinet21.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id p9IGq4G8024923	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)	for <cygwin-apps@cygwin.com>; Tue, 18 Oct 2011 16:52:05 GMT
Received: from abhmt113.oracle.com (abhmt113.oracle.com [141.146.116.65])	by acsmt358.oracle.com (8.12.11.20060308/8.12.11) with ESMTP id p9IGxxfC005808	for <cygwin-apps@cygwin.com>; Tue, 18 Oct 2011 11:59:59 -0500
Received: from vzell-de.de.oracle.com (/80.134.190.124)	by default (Oracle Beehive Gateway v4.0)	with ESMTP ; Tue, 18 Oct 2011 09:59:58 -0700
To: cygwin-apps@cygwin.com
Subject: Re: SECURITY: gnutls
References: <1318790948.7624.14.camel@YAAKOV04>	<CAGHJv4e_LUHRVkM6_UZMfuTeM=7-xVKm_twRyXjAGt3yz+n_zw@mail.gmail.com>
From: "Dr. Volker Zell" <dr.volker.zell@oracle.com>
Date: Tue, 18 Oct 2011 17:00:00 -0000
In-Reply-To: <CAGHJv4e_LUHRVkM6_UZMfuTeM=7-xVKm_twRyXjAGt3yz+n_zw@mail.gmail.com> (Chris Sutcliffe's message of "Mon,	17 Oct 2011 20:45:23 -0400")
Message-ID: <7zy5wiw7xl.fsf@vzell-de.de.oracle.com>
User-Agent: Gnus/5.1008 (Gnus v5.10.8) XEmacs/21.4.22 (cygwin32)
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-IsSubscribed: yes
Mailing-List: contact cygwin-apps-help@cygwin.com; run by ezmlm
Precedence: bulk
Sender: cygwin-apps-owner@cygwin.com
List-Id: <cygwin-apps.cygwin.com>
List-Subscribe: <mailto:cygwin-apps-subscribe@cygwin.com>
List-Archive: <http://sourceware.org/ml/cygwin-apps/>
List-Post: <mailto:cygwin-apps@cygwin.com>
List-Help: <mailto:cygwin-apps-help@cygwin.com>, <http://sourceware.org/lists.html#faqs>
Mail-Followup-To: cygwin-apps@cygwin.com
X-SW-Source: 2011-10/txt/msg00047.txt.bz2

>>>>> Chris Sutcliffe writes:

    > On 16 October 2011 14:49, Yaakov (Cygwin/X) wrote:
    >> Dr. Volker Zell,
    >> 
    >> gnutls 2.8.6 is susceptible to CVE-2009-3555.  This has been fixed since
    >> 2.10.0, but the current stable releases are 2.12.11 (ABI-compatible with
    >> 2.8.6) and 3.0.4 (which breaks ABI compatibility).  For now, please
    >> release 2.12.11 ASAP for all the apps currently dependent on
    >> libgnutls26.

    > Is Dr. Volker Zell still active?  The last post I can find from him
    > was from June of last year:

    > http://sourceware.org/ml/cygwin/2010-06/msg00009.html

I'm about to upload...but libtasn1 first.
    
    > Chris

Ciao
  Volker