Mail Archives: cygwin/2026/01/23/06:03:38

marco atzeri via Cygwin <cygwin AT cygwin DOT com> · Fri, 23 Jan 2026 12:02:32 +0100

On Fri, 23 Jan 2026, 10:22 Brian Inglis via Cygwin, <cygwin AT cygwin DOT com>
wrote:

> On 2026-01-22 13:30, Marco Atzeri via Cygwin wrote:
> > On 22/01/2026 18:46, ASSI via Cygwin wrote:
> >> Marco Atzeri via Cygwin writes:
> >>> On 22/01/2026 17:50, FOPPE, JEFFREY B CIV USAF AFMC AFLCMC/WFRQ via
> >>> Cygwin wrote:
> >>>> CVE-2025-13151 points out a vulnerability in libtasn1 versions 4.20
> >>>> and earlier.  The version provided through Cygwin is much earlier.
> >>>> It doesn't look like this package has been updated since 2019 and is
> >>>> listed as Orphaned.  A lot of other packages seem to depend on it.
> >>>> Does anyone know if a developer will look at updating this?
> >>
> >>> Looking on it
> >>
> >> It looks like it'll be a few more days before the release is done
> >> upstream.
>
> > My understanding is that 4.21.0 is safe from this
> >
> > https://lists.gnu.org/archive/html/help-libtasn1/2026-01/msg00001.html
> >
> > I am testing the package build on Scallywag
> > https://cygwin.com/cgi-bin2/jobs.cgi
> >
> > Locally it passed all tests.
>
> Could also do with an update to gnutls 3.8.11?
>

I will look during weekend

-- 
Problem reports:      https://cygwin.com/problems.html
FAQ:                  https://cygwin.com/faq/
Documentation:        https://cygwin.com/docs.html
Unsubscribe info:     https://cygwin.com/ml/#unsubscribe-simple

DMARC-Filter:	OpenDMARC Filter v1.4.2 delorie.com 60NB3cK82928298
Authentication-Results:	delorie.com; dmarc=pass (p=none dis=none) header.from=cygwin.com
Authentication-Results:	delorie.com; spf=pass smtp.mailfrom=cygwin.com
DKIM-Filter:	OpenDKIM Filter v2.11.0 delorie.com 60NB3cK82928298
Authentication-Results:	delorie.com;
	dkim=pass (1024-bit key, unprotected) header.d=cygwin.com header.i=@cygwin.com header.a=rsa-sha256 header.s=default header.b=pN5IYEih
X-Recipient:	archive-cygwin AT delorie DOT com
DKIM-Filter:	OpenDKIM Filter v2.11.0 sourceware.org 5A2BC4BA2E32
DKIM-Signature:	v=1; a=rsa-sha256; c=relaxed/relaxed; d=cygwin.com;
	s=default; t=1769166216;
	bh=UBEXVv0Pp7b1YRMOXoMWAun2KBNAebexUCrO72HAtfc=;
	h=References:In-Reply-To:Date:Subject:To:List-Id:List-Unsubscribe:
	List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:
	From;
	b=pN5IYEihtrQmroFnE32ndZnGrlw6A23vl7eHpPfSh5jreNSbX92ZKX8GxVZ2OA1BX
	vM5UH4J14xsrupx/GHaFFydmRxj+Izn6XBszlzS0XHCFi9U2r1T4M5EzkofQKQaDpT
	yrK/t9CeueXZjBoaT3NjrBNLSNbMp/Lj0Y+BRKtM=
X-Original-To:	cygwin AT cygwin DOT com
Delivered-To:	cygwin AT cygwin DOT com
DMARC-Filter:	OpenDMARC Filter v1.4.2 sourceware.org DFFBD4BA2E21
ARC-Filter:	OpenARC Filter v1.0.0 sourceware.org DFFBD4BA2E21
ARC-Seal:	i=2; a=rsa-sha256; d=sourceware.org; s=key; t=1769166167; cv=pass;
	b=eWwZdN4Dg61LJEMBmEVsY8mObyZ6AE6K/7LGvKae17wsyRlU3h1QwiLZmlnuP6pi0Wu02GQK6dcTajIuMVLcUdpMvMrFNYpOlAm0p0dGW8US7ZjbbWEzVbYRqtpCxdYtIaMMer3kh2EmOg9qx78+I7zwZZdgyeHoK8p9ftbI13w=
ARC-Message-Signature:	i=2; a=rsa-sha256; d=sourceware.org; s=key;
	t=1769166167; c=relaxed/simple;
	bh=yhde1pl+3a4dO+qBTJDat554rEDRCfA3kGeTz2rKOvs=;
	h=DKIM-Signature:MIME-Version:From:Date:Message-ID:Subject:To;
	b=kvoz1zuHg5j47Z9aGA6bYnHJ50dlsDsV+VaGGS36pyUUfJlK5r7ebBo/KeJ9iz6BbU3iO4cGyPovOPLQmTfsUMBPQN8HdZ1k/L5ZVXnpD+jjI+JMI0RJ+P7s0WxiKKh8BAHG99wG5VWRJmUznKTDeR7Rv44Y+7IKDIb+kQc2iWg=
ARC-Authentication-Results:	i=2; server2.sourceware.org
DKIM-Filter:	OpenDKIM Filter v2.11.0 sourceware.org DFFBD4BA2E21
ARC-Seal:	i=1; a=rsa-sha256; t=1769166165; cv=none;
	d=google.com; s=arc-20240605;
	b=PD0wFOXlhLKtc2jKGznk7RE2ZRsH5POaw2EtisStF97ZjQ/4xSMSpmCPcW+ujOHMT0
	Pux3t9dwtjhQpSXk65DInbxGbFjvCMEz5zeYan3Fqh4AaPzMsDeGk0/OoQ/f1ruW8zND
	kqutbOTZYgL7lx0YITrnfJ0cLfqevDf2LAnIItVfHZsKhjKQTkSy7DRKkKh1RppN7xDJ
	TRsOQmRsbpIs92SOu+w5uGEQFRvpVwdVR8dYerUbBg3pQVJKd6VO/JLTNFw+IYdfCLCe
	Smg2SulWfNQUycInio0sZ2gq+0ON2RoE79+45qIMcXv87dDUl4ooI2QwpmuuyjUeNLuk
	g7mw==
ARC-Message-Signature:	i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
	s=arc-20240605;
	h=to:subject:message-id:date:from:in-reply-to:references:mime-version
	:dkim-signature;
	bh=taGwbIUf80Ij2GmHwc0N1VbEeR3ddP2VdpO9g6BoIN0=;
	fh=YZH5uM5/yfouasGmhd4aBgFJjkmPDWmx6Ke4uaPtCZY=;
	b=lTscRVFwpt1VPQXlD9ZJFrCwBRWc2VlKymH6TVP/3ZIWVoZckp7pIQBeHE7BnHlj/e
	OHDMiCB+UgfZ8cCsUeqM6H6y8xhb3Gnhe7QpAVBlGilU3rr3J1XF0FFrLQ95jFLDWY+W
	V1BgucvfqeqsKi9BHQNAtSIzhmXG954ixdJ0WrAmT+lIW0Iv8Nsngg0YMIYiFdzMQNjD
	es2NpiCKoyazpzSZ90Mdef1/KQ9Tayhd4RHdFTwiqBlhLM2is6jLW328gYRgvLiokyIG
	Hxx5R6/qOSln7W98u9MB6bJ6l6SqofmjRPgWhmpDY9+aK/Q7tqkEPszk9ONzGEsSEvNj
	n+HQ==; darn=cygwin.com
ARC-Authentication-Results:	i=1; mx.google.com; arc=none
X-Google-DKIM-Signature:	v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20230601; t=1769166165; x=1769770965;
	h=to:subject:message-id:date:from:in-reply-to:references:mime-version
	:x-gm-gg:x-gm-message-state:from:to:cc:subject:date:message-id
	:reply-to;
	bh=taGwbIUf80Ij2GmHwc0N1VbEeR3ddP2VdpO9g6BoIN0=;
	b=pSTssw6+NF6RZnIOi7suwH1das4dgCEP5nG4SV9sA9qFR76yv4+g5kTZtRtFnpDls2
	xDiF9Pe8RdnZTasKfYnfq4689ygQSwrRDeh9Lh+mnxEQVw/4OSnbRY/z60Nx3Q3RfCSF
	lYMrwFHdikMY1UQyigNvsYTGhDytUhybqemt3BLbMu3r3xE36q7jEwLOMMaXlNSK1xUa
	uqxz8zlrN3DzlDGvBvnEOBabSmaOvPJYtz9Dr8DyUQUSorzd+BEEkgpHPWaoevyeAmcU
	h9oWNzk6Xoi3VxB/eDTsUpsm0Pg9LNgNh0Dyq1TjdQcTwJp9jSTE/9QdKFEFasyVGMNr
	NkxA==
X-Gm-Message-State:	AOJu0YxeWYny9tMPOUwXa8ZFUirYHGy1hh/q/9yE7ujn6T0R+gmqn5RN
	W83v7DPxIQKaTYj9FAPIWDds3y9yaiKz6CmQnjALoMiYMg6mwte4PuNkxvy7YZEYmffDC/NQ/gI
	Astj1FAIzNd/wh+8AWrVMzj3kH4lN1KRfSA==
X-Gm-Gg:	AZuq6aIkRoPw7Vy/QAOh/n5NsPJMOR4aviy6Bb09rwNQd32N5480NYICfCuhHkLmys0
	GBKg3c2LQjLZeC+SrDheuq1JODNttNYpHd8n8FegrBaZd/6bKqIxXQulWtTV2+56V9b4FzsYPHr
	KAreNx4CyA+GhIs69TGtWUEybOxEgIzQ8Qc9BxZnG0s5LQ9s3jbZZegs+v8PUs/ucY/DoG0pF6r
	F1k1hdzq4Hf4l1cAXkE6bfiS6780wrDtsdnUvyF849WS9VhUQVXCbRF8dp2lWKLtJXnB+bnGhKy
	ELtaThnIRbP+kHInG4tN7cefu+A=
X-Received:	by 2002:a05:7300:cd87:b0:2af:fbb:97d6 with SMTP id
	5a478bee46e88-2b739bd2a29mr1205464eec.42.1769166165115; Fri, 23 Jan 2026
	03:02:45 -0800 (PST)
MIME-Version:	1.0
References:	<BN9P111MB2434F33C607CDE0AB042906EB097A AT BN9P111MB2434 DOT NAMP111 DOT PROD DOT OUTLOOK DOT COM>
	<6040d6ad-9d19-4f1b-9a0b-f8b379175830 AT gmail DOT com>
	<87v7gtsfpl DOT fsf AT Gerda DOT invalid>
	<2b687296-0fbd-4b48-867a-0ac8ce38be82 AT gmail DOT com>
	<18d758ba-fa32-46b4-8948-b7b448e52d05 AT SystematicSW DOT ab DOT ca>
In-Reply-To:	<18d758ba-fa32-46b4-8948-b7b448e52d05@SystematicSW.ab.ca>
Date:	Fri, 23 Jan 2026 12:02:32 +0100
X-Gm-Features:	AZwV_Qgba3lVlT0XpIkItRWoNpTa5mVx0v3tW5hyfo0_oVTmx2yXXXSEZvFZ9Wg
Message-ID:	<CAB8Xom8epGnfoFs7LMQAmCuMcobVa5ykeaH_R3Xvei001JVmsA@mail.gmail.com>
Subject:	Re: CVE-2025-13151 and Cygwin package libtasn1_6
To:	The Cygwin Mailing List <cygwin AT cygwin DOT com>
X-Content-Filtered-By:	Mailman/MimeDel 2.1.30
X-BeenThere:	cygwin AT cygwin DOT com
X-Mailman-Version:	2.1.30
List-Id:	General Cygwin discussions and problem reports <cygwin.cygwin.com>
List-Archive:	<https://cygwin.com/pipermail/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-request AT cygwin DOT com?subject=help>
List-Subscribe:	<https://cygwin.com/mailman/listinfo/cygwin>,
	<mailto:cygwin-request AT cygwin DOT com?subject=subscribe>
From:	marco atzeri via Cygwin <cygwin AT cygwin DOT com>
Reply-To:	marco atzeri <marco DOT atzeri AT gmail DOT com>
Sender:	"Cygwin" <cygwin-bounces~archive-cygwin=delorie DOT com AT cygwin DOT com>

webmaster	delorie software privacy
Copyright � 2019 by DJ Delorie	Updated Jul 2019