Mail Archives: cygwin/2026/01/22/15:31:35

www.delorie.com/archives/browse.cgi

search

Mail Archives: cygwin/2026/01/22/15:31:35

DMARC-Filter: OpenDMARC Filter v1.4.2 delorie.com 60MKVZl62282031

Authentication-Results: delorie.com; dmarc=pass (p=none dis=none) header.from=cygwin.com

Authentication-Results: delorie.com; spf=pass smtp.mailfrom=cygwin.com

DKIM-Filter: OpenDKIM Filter v2.11.0 delorie.com 60MKVZl62282031

Authentication-Results: delorie.com;

dkim=pass (1024-bit key, unprotected) header.d=cygwin.com header.i=@cygwin.com header.a=rsa-sha256 header.s=default header.b=UJjpQaZW

X-Recipient: archive-cygwin AT delorie DOT com

DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org E63A84BA9039

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cygwin.com;

s=default; t=1769113893;

bh=KF2fVsWdbipxrXHpZ93xAAmuTa2VDXVr7fr/N3ZQ1oo=;

h=Date:Subject:To:References:In-Reply-To:List-Id:List-Unsubscribe:

List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:

From;

b=UJjpQaZWnyGKlmaMmlF25CxaNkPChDWBqgEb3UpJSZ1KwHMgeBbijG0OSwm/RX2/6

7WsieXKpROUnHxXGkD+qh4o5R449ln3dOEgQKyyXOf0zmLMhrgMXnPnu446q+l3W1z

8EkaUo/17OBzAKfOG7xmHoz+E0+5fezOpqzzJxQw=

X-Original-To: cygwin AT cygwin DOT com

Delivered-To: cygwin AT cygwin DOT com

DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org EE1AA4BA23EA

ARC-Filter: OpenARC Filter v1.0.0 sourceware.org EE1AA4BA23EA

ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1769113844; cv=none;

b=hl/YppJ/2y9XLim1BHKjsRi1S/+WANW7OUqK4Az6fUaghS8uPjtauOoPBj0e3fHnyYqG8E9aKmNqhi/MfjhHs8DufbaXSj0PFbdR58WkqonjG9raeIMWEkKEuWXhVIbbMOKLUAVQdLCwp7/Prxaihqwe9dnRLeuXVLHEacUgB9E=

ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key;

t=1769113844; c=relaxed/simple;

bh=wTTbDK2Y5XH/w+U132ZMhz/Vzene+MDlUndutYDFJog=;

h=DKIM-Signature:Message-ID:Date:MIME-Version:Subject:To:From;

b=Vr5hp9VAooT8+KHdg1LX4Ze+Dr8qfDHgwbw3r3bOcU1R4+2GSxhrN2QuoQgyB4zeLZcTNG1IIkZ/LrWgFAkMfi/7w6iOy5z9xlWVhLrYHbSj3+d5q63Hdukl/kntA62IL/Bhsa7Ftkr1IBQhqg52L0x3UWfu9fcYzmLK8ToKBJw=

ARC-Authentication-Results: i=1; server2.sourceware.org

DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org EE1AA4BA23EA

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20230601; t=1769113843; x=1769718643;

h=content-transfer-encoding:in-reply-to:from:references:to

:content-language:subject:user-agent:mime-version:date:message-id

:x-gm-gg:x-gm-message-state:from:to:cc:subject:date:message-id

:reply-to;

bh=E8Mtf9ghE+dK/77SfvpgJWjJ7q5kV+kB98imG1VRhLY=;

b=X/ZgjZ3Fvc57SO/Ix7dlf9nD2662vTAfnvSih3pi6mZ2G9o/yGogt7Bqnd8caHjlkz

ziW607UNXN3pFStUNlrLyuyrBkZNOBloJbyGRK2/MCd0eg8mi+HS/32aH34P7jUVqq5W

lq4midyA6gPRKMaJ9dBP02gy4uC62ijZMNA5/GCtWPsyzCFUFe8LjfEAGOZ0KoXnLtpF

c2T9tseEZdewnGsLIT9cmrnl/JZyyvL47zmd53ll1WKL1UsCpS48nJlGr7EcBN39mpM5

O+brWst6WHSv/6Bk85l3ODyb1KqDtwp9+3jL64D0dnO6+0YvHvZlQxG9fuH7mx6qy9B+

pwog==

X-Gm-Message-State: AOJu0YwN+gzidpRdxKFW7XfR57gUcNGw9m1eufmBGiKYryE66fLAziq1

a0UI3zJnI1R+S9i1+6/m6NoKvNgwrPs30IDZxFTsnKmMIYoPZ9aUCBREyRP+hQ==

X-Gm-Gg: AZuq6aLjQGujNqe1Ptxd0kWrD1Mexx1Iqb9JQx1ML91P637DYIEYLAR20lcwadppgNS

GnXSpuaMWiLgdp1JI3/UnBlZUH5o8jqJHcRjSMyhZOfG5vAGH10eKlCH3g3ebEdPzhE0pR7j/Lh

TRAJNI1qlnZ4+X++z8UH1Cpz+OHLNFjtTdajUOK9+2joq9PAJnB2MdS70xPiacIzva3weFfeeRI

H4TLrv3OVzlmSfttaDeYOsQin+nRAccuB3qynebn029fS/+DPZwDw1zEtLsgfsWqOKeaSjYc1Zd

yO8HS6i+zEY9UJyw06iO74H2X9s0Fvns121JFC6sDoO2ALflQG3t2KvFvPOMNL2lRotx4D03Frj

ba/WPNssyUCBsO0SZgEYJtTyppxVJcdCBis0dPd7fC5xfyuv2mNu5jhCnDIBi9JAw1EZAxVnVDK

5U/utuO0InlgveLW9Y5XHGJ8xrOZ9oqo/kBjYOt8zv2MDzMJqkrgz9K7UZHAFp187rzbDw

X-Received: by 2002:a05:600c:8b61:b0:479:3a86:dc1e with SMTP id

5b1f17b1804b1-4804c9ca954mr14516705e9.36.1769113842800;

Thu, 22 Jan 2026 12:30:42 -0800 (PST)

Message-ID: <2b687296-0fbd-4b48-867a-0ac8ce38be82@gmail.com>

Date: Thu, 22 Jan 2026 21:30:40 +0100

MIME-Version: 1.0

User-Agent: Mozilla Thunderbird

Subject: Re: CVE-2025-13151 and Cygwin package libtasn1_6

To: cygwin AT cygwin DOT com

References: <BN9P111MB2434F33C607CDE0AB042906EB097A AT BN9P111MB2434 DOT NAMP111 DOT PROD DOT OUTLOOK DOT COM>

<6040d6ad-9d19-4f1b-9a0b-f8b379175830 AT gmail DOT com>

<87v7gtsfpl DOT fsf AT Gerda DOT invalid>

In-Reply-To: <87v7gtsfpl.fsf@Gerda.invalid>

X-BeenThere: cygwin AT cygwin DOT com

X-Mailman-Version: 2.1.30

List-Id: General Cygwin discussions and problem reports <cygwin.cygwin.com>

List-Archive: <https://cygwin.com/pipermail/cygwin/>

List-Post: <mailto:cygwin AT cygwin DOT com>

List-Help: <mailto:cygwin-request AT cygwin DOT com?subject=help>

List-Subscribe: <https://cygwin.com/mailman/listinfo/cygwin>,

<mailto:cygwin-request AT cygwin DOT com?subject=subscribe>

From: Marco Atzeri via Cygwin <cygwin AT cygwin DOT com>

Reply-To: Marco Atzeri <marco DOT atzeri AT gmail DOT com>

Sender: "Cygwin" <cygwin-bounces~archive-cygwin=delorie DOT com AT cygwin DOT com>

On 22/01/2026 18:46, ASSI via Cygwin wrote:
> Marco Atzeri via Cygwin writes:
>> On 22/01/2026 17:50, FOPPE, JEFFREY B CIV USAF AFMC AFLCMC/WFRQ via
>> Cygwin wrote:
>>> CVE-2025-13151 points out a vulnerability in libtasn1 versions 4.20
>>> and earlier.  The version provided through Cygwin is much earlier.
>>> It doesn't look like this package has been updated since 2019 and is
>>> listed as Orphaned.  A lot of other packages seem to depend on it.
>>> Does anyone know if a developer will look at updating this?
> 
>> Looking on it
> 
> It looks like it'll be a few more days before the release is done
> upstream.
> 
> 
> Regards,
> Achim.

Thanks Achim,

My understanding is that 4.21.0 is safe from this

https://lists.gnu.org/archive/html/help-libtasn1/2026-01/msg00001.html

I am testing the package build on Scallywag
https://cygwin.com/cgi-bin2/jobs.cgi

Locally it passed all tests.

Regards
Marco


-- 
Problem reports:      https://cygwin.com/problems.html
FAQ:                  https://cygwin.com/faq/
Documentation:        https://cygwin.com/docs.html
Unsubscribe info:     https://cygwin.com/ml/#unsubscribe-simple

- Raw text -

webmaster	delorie software privacy
Copyright © 2019 by DJ Delorie	Updated Jul 2019

DMARC-Filter:	OpenDMARC Filter v1.4.2 delorie.com 60MKVZl62282031
Authentication-Results:	delorie.com; dmarc=pass (p=none dis=none) header.from=cygwin.com
Authentication-Results:	delorie.com; spf=pass smtp.mailfrom=cygwin.com
DKIM-Filter:	OpenDKIM Filter v2.11.0 delorie.com 60MKVZl62282031
Authentication-Results:	delorie.com;
	dkim=pass (1024-bit key, unprotected) header.d=cygwin.com header.i=@cygwin.com header.a=rsa-sha256 header.s=default header.b=UJjpQaZW
X-Recipient:	archive-cygwin AT delorie DOT com
DKIM-Filter:	OpenDKIM Filter v2.11.0 sourceware.org E63A84BA9039
DKIM-Signature:	v=1; a=rsa-sha256; c=relaxed/relaxed; d=cygwin.com;
	s=default; t=1769113893;
	bh=KF2fVsWdbipxrXHpZ93xAAmuTa2VDXVr7fr/N3ZQ1oo=;
	h=Date:Subject:To:References:In-Reply-To:List-Id:List-Unsubscribe:
	List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:
	From;
	b=UJjpQaZWnyGKlmaMmlF25CxaNkPChDWBqgEb3UpJSZ1KwHMgeBbijG0OSwm/RX2/6
	7WsieXKpROUnHxXGkD+qh4o5R449ln3dOEgQKyyXOf0zmLMhrgMXnPnu446q+l3W1z
	8EkaUo/17OBzAKfOG7xmHoz+E0+5fezOpqzzJxQw=
X-Original-To:	cygwin AT cygwin DOT com
Delivered-To:	cygwin AT cygwin DOT com
DMARC-Filter:	OpenDMARC Filter v1.4.2 sourceware.org EE1AA4BA23EA
ARC-Filter:	OpenARC Filter v1.0.0 sourceware.org EE1AA4BA23EA
ARC-Seal:	i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1769113844; cv=none;
	b=hl/YppJ/2y9XLim1BHKjsRi1S/+WANW7OUqK4Az6fUaghS8uPjtauOoPBj0e3fHnyYqG8E9aKmNqhi/MfjhHs8DufbaXSj0PFbdR58WkqonjG9raeIMWEkKEuWXhVIbbMOKLUAVQdLCwp7/Prxaihqwe9dnRLeuXVLHEacUgB9E=
ARC-Message-Signature:	i=1; a=rsa-sha256; d=sourceware.org; s=key;
	t=1769113844; c=relaxed/simple;
	bh=wTTbDK2Y5XH/w+U132ZMhz/Vzene+MDlUndutYDFJog=;
	h=DKIM-Signature:Message-ID:Date:MIME-Version:Subject:To:From;
	b=Vr5hp9VAooT8+KHdg1LX4Ze+Dr8qfDHgwbw3r3bOcU1R4+2GSxhrN2QuoQgyB4zeLZcTNG1IIkZ/LrWgFAkMfi/7w6iOy5z9xlWVhLrYHbSj3+d5q63Hdukl/kntA62IL/Bhsa7Ftkr1IBQhqg52L0x3UWfu9fcYzmLK8ToKBJw=
ARC-Authentication-Results:	i=1; server2.sourceware.org
DKIM-Filter:	OpenDKIM Filter v2.11.0 sourceware.org EE1AA4BA23EA
X-Google-DKIM-Signature:	v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20230601; t=1769113843; x=1769718643;
	h=content-transfer-encoding:in-reply-to:from:references:to
	:content-language:subject:user-agent:mime-version:date:message-id
	:x-gm-gg:x-gm-message-state:from:to:cc:subject:date:message-id
	:reply-to;
	bh=E8Mtf9ghE+dK/77SfvpgJWjJ7q5kV+kB98imG1VRhLY=;
	b=X/ZgjZ3Fvc57SO/Ix7dlf9nD2662vTAfnvSih3pi6mZ2G9o/yGogt7Bqnd8caHjlkz
	ziW607UNXN3pFStUNlrLyuyrBkZNOBloJbyGRK2/MCd0eg8mi+HS/32aH34P7jUVqq5W
	lq4midyA6gPRKMaJ9dBP02gy4uC62ijZMNA5/GCtWPsyzCFUFe8LjfEAGOZ0KoXnLtpF
	c2T9tseEZdewnGsLIT9cmrnl/JZyyvL47zmd53ll1WKL1UsCpS48nJlGr7EcBN39mpM5
	O+brWst6WHSv/6Bk85l3ODyb1KqDtwp9+3jL64D0dnO6+0YvHvZlQxG9fuH7mx6qy9B+
	pwog==
X-Gm-Message-State:	AOJu0YwN+gzidpRdxKFW7XfR57gUcNGw9m1eufmBGiKYryE66fLAziq1
	a0UI3zJnI1R+S9i1+6/m6NoKvNgwrPs30IDZxFTsnKmMIYoPZ9aUCBREyRP+hQ==
X-Gm-Gg:	AZuq6aLjQGujNqe1Ptxd0kWrD1Mexx1Iqb9JQx1ML91P637DYIEYLAR20lcwadppgNS
	GnXSpuaMWiLgdp1JI3/UnBlZUH5o8jqJHcRjSMyhZOfG5vAGH10eKlCH3g3ebEdPzhE0pR7j/Lh
	TRAJNI1qlnZ4+X++z8UH1Cpz+OHLNFjtTdajUOK9+2joq9PAJnB2MdS70xPiacIzva3weFfeeRI
	H4TLrv3OVzlmSfttaDeYOsQin+nRAccuB3qynebn029fS/+DPZwDw1zEtLsgfsWqOKeaSjYc1Zd
	yO8HS6i+zEY9UJyw06iO74H2X9s0Fvns121JFC6sDoO2ALflQG3t2KvFvPOMNL2lRotx4D03Frj
	ba/WPNssyUCBsO0SZgEYJtTyppxVJcdCBis0dPd7fC5xfyuv2mNu5jhCnDIBi9JAw1EZAxVnVDK
	5U/utuO0InlgveLW9Y5XHGJ8xrOZ9oqo/kBjYOt8zv2MDzMJqkrgz9K7UZHAFp187rzbDw
X-Received:	by 2002:a05:600c:8b61:b0:479:3a86:dc1e with SMTP id
	5b1f17b1804b1-4804c9ca954mr14516705e9.36.1769113842800;
	Thu, 22 Jan 2026 12:30:42 -0800 (PST)
Message-ID:	<2b687296-0fbd-4b48-867a-0ac8ce38be82@gmail.com>
Date:	Thu, 22 Jan 2026 21:30:40 +0100
MIME-Version:	1.0
User-Agent:	Mozilla Thunderbird
Subject:	Re: CVE-2025-13151 and Cygwin package libtasn1_6
To:	cygwin AT cygwin DOT com
References:	<BN9P111MB2434F33C607CDE0AB042906EB097A AT BN9P111MB2434 DOT NAMP111 DOT PROD DOT OUTLOOK DOT COM>
	<6040d6ad-9d19-4f1b-9a0b-f8b379175830 AT gmail DOT com>
	<87v7gtsfpl DOT fsf AT Gerda DOT invalid>
In-Reply-To:	<87v7gtsfpl.fsf@Gerda.invalid>
X-BeenThere:	cygwin AT cygwin DOT com
X-Mailman-Version:	2.1.30
List-Id:	General Cygwin discussions and problem reports <cygwin.cygwin.com>
List-Archive:	<https://cygwin.com/pipermail/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-request AT cygwin DOT com?subject=help>
List-Subscribe:	<https://cygwin.com/mailman/listinfo/cygwin>,
	<mailto:cygwin-request AT cygwin DOT com?subject=subscribe>
From:	Marco Atzeri via Cygwin <cygwin AT cygwin DOT com>
Reply-To:	Marco Atzeri <marco DOT atzeri AT gmail DOT com>
Sender:	"Cygwin" <cygwin-bounces~archive-cygwin=delorie DOT com AT cygwin DOT com>