* [SECURITY] gnutls
@ 2016-09-26 7:00 Yaakov Selkowitz
2016-09-26 19:13 ` Yaakov Selkowitz
0 siblings, 1 reply; 11+ messages in thread
From: Yaakov Selkowitz @ 2016-09-26 7:00 UTC (permalink / raw)
To: cygwin-apps
Dr. Volker,
Two security issues have been reported in GnuTLS:
https://www.gnutls.org/security.html#GNUTLS-SA-2016-2
https://www.gnutls.org/security.html#GNUTLS-SA-2016-3
At this point, I think the best way to proceed would be to:
1) release 3.3.24 with the patch for the latter, then;
2) update to 3.4.15, which involves an ABI break.
--
Yaakov
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [SECURITY] gnutls
2016-09-26 7:00 [SECURITY] gnutls Yaakov Selkowitz
@ 2016-09-26 19:13 ` Yaakov Selkowitz
2017-02-22 18:46 ` Yaakov Selkowitz
0 siblings, 1 reply; 11+ messages in thread
From: Yaakov Selkowitz @ 2016-09-26 19:13 UTC (permalink / raw)
To: cygwin-apps
On 2016-09-26 02:00, Yaakov Selkowitz wrote:
> Dr. Volker,
>
> Two security issues have been reported in GnuTLS:
>
> https://www.gnutls.org/security.html#GNUTLS-SA-2016-2
> https://www.gnutls.org/security.html#GNUTLS-SA-2016-3
>
> At this point, I think the best way to proceed would be to:
>
> 1) release 3.3.24 with the patch for the latter, then;
> 2) update to 3.4.15, which involves an ABI break.
nettle is also overdue for an update (it's also blocking an update to
filezilla); getting that in after 3.3.24 and prior to 3.4 would be best.
--
Yaakov
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [SECURITY] gnutls
2016-09-26 19:13 ` Yaakov Selkowitz
@ 2017-02-22 18:46 ` Yaakov Selkowitz
2017-03-10 22:01 ` Yaakov Selkowitz
0 siblings, 1 reply; 11+ messages in thread
From: Yaakov Selkowitz @ 2017-02-22 18:46 UTC (permalink / raw)
To: cygwin-apps
On 2016-09-26 14:13, Yaakov Selkowitz wrote:
> On 2016-09-26 02:00, Yaakov Selkowitz wrote:
>> Dr. Volker,
>>
>> Two security issues have been reported in GnuTLS:
>>
>> https://www.gnutls.org/security.html#GNUTLS-SA-2016-2
>> https://www.gnutls.org/security.html#GNUTLS-SA-2016-3
>>
>> At this point, I think the best way to proceed would be to:
>>
>> 1) release 3.3.24 with the patch for the latter, then;
>> 2) update to 3.4.15, which involves an ABI break.
>
> nettle is also overdue for an update (it's also blocking an update to
> filezilla); getting that in after 3.3.24 and prior to 3.4 would be best.
Ping? More vulnerabilities have been announced, so we need to revise
the above to 3.3.26 and 3.5.9.
--
Yaakov
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [SECURITY] gnutls
2017-02-22 18:46 ` Yaakov Selkowitz
@ 2017-03-10 22:01 ` Yaakov Selkowitz
2017-03-24 19:00 ` Yaakov Selkowitz
0 siblings, 1 reply; 11+ messages in thread
From: Yaakov Selkowitz @ 2017-03-10 22:01 UTC (permalink / raw)
To: cygwin-apps
On 2017-02-22 12:46, Yaakov Selkowitz wrote:
> On 2016-09-26 14:13, Yaakov Selkowitz wrote:
>> On 2016-09-26 02:00, Yaakov Selkowitz wrote:
>>> Dr. Volker,
>>>
>>> Two security issues have been reported in GnuTLS:
>>>
>>> https://www.gnutls.org/security.html#GNUTLS-SA-2016-2
>>> https://www.gnutls.org/security.html#GNUTLS-SA-2016-3
>>>
>>> At this point, I think the best way to proceed would be to:
>>>
>>> 1) release 3.3.24 with the patch for the latter, then;
>>> 2) update to 3.4.15, which involves an ABI break.
>>
>> nettle is also overdue for an update (it's also blocking an update to
>> filezilla); getting that in after 3.3.24 and prior to 3.4 would be best.
>
> Ping? More vulnerabilities have been announced, so we need to revise
> the above to 3.3.26 and 3.5.9.
Ping 2?
--
Yaakov
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [SECURITY] gnutls
2017-03-10 22:01 ` Yaakov Selkowitz
@ 2017-03-24 19:00 ` Yaakov Selkowitz
2017-05-03 21:37 ` Yaakov Selkowitz
0 siblings, 1 reply; 11+ messages in thread
From: Yaakov Selkowitz @ 2017-03-24 19:00 UTC (permalink / raw)
To: cygwin-apps
On 2017-03-10 16:01, Yaakov Selkowitz wrote:
> On 2017-02-22 12:46, Yaakov Selkowitz wrote:
>> On 2016-09-26 14:13, Yaakov Selkowitz wrote:
>>> On 2016-09-26 02:00, Yaakov Selkowitz wrote:
>>>> Dr. Volker,
>>>>
>>>> Two security issues have been reported in GnuTLS:
>>>>
>>>> https://www.gnutls.org/security.html#GNUTLS-SA-2016-2
>>>> https://www.gnutls.org/security.html#GNUTLS-SA-2016-3
>>>>
>>>> At this point, I think the best way to proceed would be to:
>>>>
>>>> 1) release 3.3.24 with the patch for the latter, then;
>>>> 2) update to 3.4.15, which involves an ABI break.
>>>
>>> nettle is also overdue for an update (it's also blocking an update to
>>> filezilla); getting that in after 3.3.24 and prior to 3.4 would be best.
>>
>> Ping? More vulnerabilities have been announced, so we need to revise
>> the above to 3.3.26 and 3.5.9.
>
> Ping 2?
Ping 3?
--
Yaakov
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [SECURITY] gnutls
2017-03-24 19:00 ` Yaakov Selkowitz
@ 2017-05-03 21:37 ` Yaakov Selkowitz
0 siblings, 0 replies; 11+ messages in thread
From: Yaakov Selkowitz @ 2017-05-03 21:37 UTC (permalink / raw)
To: cygwin-apps
On 2017-03-24 14:00, Yaakov Selkowitz wrote:
> On 2017-03-10 16:01, Yaakov Selkowitz wrote:
>> On 2017-02-22 12:46, Yaakov Selkowitz wrote:
>>> On 2016-09-26 14:13, Yaakov Selkowitz wrote:
>>>> On 2016-09-26 02:00, Yaakov Selkowitz wrote:
>>>>> Dr. Volker,
>>>>>
>>>>> Two security issues have been reported in GnuTLS:
>>>>>
>>>>> https://www.gnutls.org/security.html#GNUTLS-SA-2016-2
>>>>> https://www.gnutls.org/security.html#GNUTLS-SA-2016-3
>>>>>
>>>>> At this point, I think the best way to proceed would be to:
>>>>>
>>>>> 1) release 3.3.24 with the patch for the latter, then;
>>>>> 2) update to 3.4.15, which involves an ABI break.
>>>>
>>>> nettle is also overdue for an update (it's also blocking an update to
>>>> filezilla); getting that in after 3.3.24 and prior to 3.4 would be
>>>> best.
>>>
>>> Ping? More vulnerabilities have been announced, so we need to revise
>>> the above to 3.3.26 and 3.5.9.
>>
>> Ping 2?
>
> Ping 3?
I have uploaded the latest versions of nettle and gnutls to fix these
issues.
--
Yaakov
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [SECURITY] gnutls
2012-05-02 6:01 ` Yaakov (Cygwin/X)
@ 2012-06-27 3:34 ` Yaakov (Cygwin/X)
0 siblings, 0 replies; 11+ messages in thread
From: Yaakov (Cygwin/X) @ 2012-06-27 3:34 UTC (permalink / raw)
To: cygwin-apps
On Wed, 2012-05-02 at 01:01 -0500, Yaakov (Cygwin/X) wrote:
> On 2012-03-26 04:31, Dr. Volker Zell wrote:
> >>>>>> Yaakov writes:
> >
> > > A security vulnerability has just been announced for gnutls (CVE-2012-1573).
> > > This can be fixed by updating to 2.12.18.
> >
> > Yaakov can you update your p11-kit package. I could use it in a new gnutls build.
>
> Ping? I updated p11-kit a while ago.
Ping 2?
Yaakov
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [SECURITY] gnutls
2012-03-26 9:30 ` Dr. Volker Zell
@ 2012-05-02 6:01 ` Yaakov (Cygwin/X)
2012-06-27 3:34 ` Yaakov (Cygwin/X)
0 siblings, 1 reply; 11+ messages in thread
From: Yaakov (Cygwin/X) @ 2012-05-02 6:01 UTC (permalink / raw)
To: cygwin-apps
On 2012-03-26 04:31, Dr. Volker Zell wrote:
>>>>>> Yaakov writes:
>
> > A security vulnerability has just been announced for gnutls (CVE-2012-1573).
> > This can be fixed by updating to 2.12.18.
>
> Yaakov can you update your p11-kit package. I could use it in a new gnutls build.
Ping? I updated p11-kit a while ago.
Yaakov
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [SECURITY] gnutls
2012-03-25 2:54 Yaakov (Cygwin/X)
@ 2012-03-26 9:30 ` Dr. Volker Zell
2012-05-02 6:01 ` Yaakov (Cygwin/X)
0 siblings, 1 reply; 11+ messages in thread
From: Dr. Volker Zell @ 2012-03-26 9:30 UTC (permalink / raw)
To: Yaakov (Cygwin/X); +Cc: cygwin-apps
>>>>> Yaakov writes:
> A security vulnerability has just been announced for gnutls (CVE-2012-1573).
> This can be fixed by updating to 2.12.18.
Yaakov can you update your p11-kit package. I could use it in a new gnutls build.
checking for P11_KIT... configure: error: Package requirements (p11-kit-1 >= 0.11) were not met:
Requested 'p11-kit-1 >= 0.11' but version of p11-kit is 0.9
Ciao
Volker
^ permalink raw reply [flat|nested] 11+ messages in thread
* [SECURITY] gnutls
@ 2012-03-25 2:54 Yaakov (Cygwin/X)
2012-03-26 9:30 ` Dr. Volker Zell
0 siblings, 1 reply; 11+ messages in thread
From: Yaakov (Cygwin/X) @ 2012-03-25 2:54 UTC (permalink / raw)
To: cygwin-apps
A security vulnerability has just been announced for gnutls
(CVE-2012-1573). This can be fixed by updating to 2.12.18.
Yaakov
^ permalink raw reply [flat|nested] 11+ messages in thread
* [SECURITY] gnutls
@ 2009-09-15 3:59 Yaakov (Cygwin/X)
0 siblings, 0 replies; 11+ messages in thread
From: Yaakov (Cygwin/X) @ 2009-09-15 3:59 UTC (permalink / raw)
To: cygwin-apps
Dr. Volker Zell,
gnutls suffers from several security vulnerabilities[1]. Could you add
this to your list to update when you have a chance?
[1] http://www.gentoo.org/security/en/glsa/glsa-200905-04.xml
Yaakov
^ permalink raw reply [flat|nested] 11+ messages in thread
end of thread, other threads:[~2017-05-03 21:37 UTC | newest]
Thread overview: 11+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-09-26 7:00 [SECURITY] gnutls Yaakov Selkowitz
2016-09-26 19:13 ` Yaakov Selkowitz
2017-02-22 18:46 ` Yaakov Selkowitz
2017-03-10 22:01 ` Yaakov Selkowitz
2017-03-24 19:00 ` Yaakov Selkowitz
2017-05-03 21:37 ` Yaakov Selkowitz
-- strict thread matches above, loose matches on Subject: below --
2012-03-25 2:54 Yaakov (Cygwin/X)
2012-03-26 9:30 ` Dr. Volker Zell
2012-05-02 6:01 ` Yaakov (Cygwin/X)
2012-06-27 3:34 ` Yaakov (Cygwin/X)
2009-09-15 3:59 Yaakov (Cygwin/X)
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).