DMARC-Filter: OpenDMARC Filter v1.4.2 delorie.com 60MHEb4x2200471
Authentication-Results: delorie.com; dmarc=pass (p=none dis=none) header.from=cygwin.com
Authentication-Results: delorie.com; spf=pass smtp.mailfrom=cygwin.com
DKIM-Filter: OpenDKIM Filter v2.11.0 delorie.com 60MHEb4x2200471
Authentication-Results: delorie.com;
	dkim=pass (1024-bit key, unprotected) header.d=cygwin.com header.i=@cygwin.com header.a=rsa-sha256 header.s=default header.b=BYq+AgTX
X-Recipient: archive-cygwin AT delorie DOT com
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 856AA4BC895F
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cygwin.com;
	s=default; t=1769102076;
	bh=0e9oiH1qqMoOT87FLMBJOtld/XAG5wD4sv4vIhV7FDI=;
	h=Date:Subject:To:References:In-Reply-To:List-Id:List-Unsubscribe:
	 List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:
	 From;
	b=BYq+AgTXq5gK2JmCNkZvjloaWL7kgl2fKBSy7B+tAosrH0kh5aMQ6G6f2upap0Jad
	 tj+7JJwM6oZQvtGEcuxZOqNhe5XzeBwqc3oHUed1FKmYmFh6oKSNG5snTiJBtkYFg+
	 Aqb9jdJIXjCOpgufB9qEw5J8mBNv1ayVCvbrNm7M=
X-Original-To: cygwin AT cygwin DOT com
Delivered-To: cygwin AT cygwin DOT com
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 74DD24BA2E2E
ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 74DD24BA2E2E
ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1769102027; cv=none;
 b=LIOeGR9g8dp8JnYpEdZH0gr0whzg7/XO+EadTcF/i2OfrEx7tYxykhtIC/EQkfBPP8X4rYhsIwk0sSXDKa1RY9CM2mRc5Zrcr8iz9JjQuuG+8xy+mMd2FIyVZOT7UPfwCzTMpMUJ1Rmk5EA4FMAi/3E2yQDj3iJSGSRzq9hhhLg=
ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key;
 t=1769102027; c=relaxed/simple;
 bh=5exvzJIp/BAySRQdAaHEXYC6sVY2j3tN3o0Wjka3KqQ=;
 h=DKIM-Signature:Message-ID:Date:MIME-Version:Subject:To:From;
 b=Z8FXhD90gooocFO0BJMUVF6sfYHpmSeWStCGK3oxzTcbaEi/9n+LEu0+DM5G1M5zW5Pt4L8hy0/GJwq8lFXcMsD5DdUKj+ORpLwNY1Am1o01RvEOr9U1gAHl9AWfm2FbpNCu1OLM2jSl8XfNcTwHsMd+TLes3ORO+o/Nf2pnK7s=
ARC-Authentication-Results: i=1; server2.sourceware.org
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 74DD24BA2E2E
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1769102026; x=1769706826;
 h=content-transfer-encoding:in-reply-to:from:references:to
 :content-language:subject:user-agent:mime-version:date:message-id
 :x-gm-gg:x-gm-message-state:from:to:cc:subject:date:message-id
 :reply-to;
 bh=bdYG/TX7yZvW2NLyCDIhULfHWVKdq+Xs9CoDSZa1cMo=;
 b=bs94rg+KJE0VGCM+mv5YdghTJh61E8YRJu2tHU8fmgeinKC51NtHJ23fitdBKkeFWa
 ugRrLcl9yXiiR5dWvxeDujycwPS9nPT3I8iFq98MjefMU7eBEM2+dMeNCG9BWQ8hxhc0
 4oLA/STigVmfX1/AAMRhFR39CclJf165k2cQPEn8EgKIwnh4I4vwmDIj6EKCj7XSMIKJ
 Y6TH9kJ4NXxh2y45h8uopKeB3ZUIzP7NTFbjKeaNBEp1Cyq0aeM2ztFbiX3N5s7Rk3WL
 QZv9AJswW6MMnaj4BJpa24x6JZaW5u7isJt3lAhZttAscTBFVscu8tQbYycJidRfPecS
 E4EA==
X-Gm-Message-State: AOJu0YxcNqRLbmN3HWZE8Lvbl9JBFw+0KYdK2rk3mHFM6G/n5BHYR2/C
 sZNaf4B7AKB2iZG8+8BEBrKfx8eGwxRiYoa6GMI4uGuEWOI2V3RmiuiwFKu2nw==
X-Gm-Gg: AZuq6aKY1TddNYHpuI/fc6/DoVRSF5vW93gzyLnbDpoCZPjh79WIDnP0ezCD6iokt5Z
 J0/q2iiRrlZHDQqaCqB6AMOugkPiYuTl6kmnH4ozjXbdgf6QMIwu02X9wsJDcqJnVGIUQg8errs
 jFtaTt9pp5TJo4rMw8dx/ImjxaHKxE4rVIs8H1a/JN+9vGvOBQjQEOMyKCGaPa0h/44dPt0kc8/
 7nDPqPms4XteKRyh3/A84V/n5NX2qxq71NnlrPdGgU+lnGZLh1KPscyFUL9qFUSr6wOrgVXgVaZ
 SKlke1Clwh0418n9vx2xW+VseCJ4XOgGUkE2GJKfHj/SV6OtF+y9V0Bq/dnuS0TU9zIZAeNgDi8
 t1S1pNyBwfTdqtYn3eMm3sj9pNQuwyL3278TaGMdSLIrpfu3Q6MZgxkJaJexTFlt5jziydGB3Ln
 VNLhLJBj46hYwaJ/aMf3nCMoXBIbbvMNTRRhQNzCRAjBX+ROjgbWYyNUSj0GhE0lvtzswm
X-Received: by 2002:a05:6000:288c:b0:430:fd60:93fb with SMTP id
 ffacd0b85a97d-435b160378dmr421516f8f.32.1769102026265; 
 Thu, 22 Jan 2026 09:13:46 -0800 (PST)
Message-ID: <6040d6ad-9d19-4f1b-9a0b-f8b379175830@gmail.com>
Date: Thu, 22 Jan 2026 18:13:45 +0100
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: CVE-2025-13151 and Cygwin package libtasn1_6
Content-Language: en-GB
To: cygwin AT cygwin DOT com
References: <BN9P111MB2434F33C607CDE0AB042906EB097A AT BN9P111MB2434 DOT NAMP111 DOT PROD DOT OUTLOOK DOT COM>
In-Reply-To: <BN9P111MB2434F33C607CDE0AB042906EB097A@BN9P111MB2434.NAMP111.PROD.OUTLOOK.COM>
X-BeenThere: cygwin AT cygwin DOT com
X-Mailman-Version: 2.1.30
List-Id: General Cygwin discussions and problem reports <cygwin.cygwin.com>
List-Archive: <https://cygwin.com/pipermail/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-request AT cygwin DOT com?subject=help>
List-Subscribe: <https://cygwin.com/mailman/listinfo/cygwin>,
 <mailto:cygwin-request AT cygwin DOT com?subject=subscribe>
From: Marco Atzeri via Cygwin <cygwin AT cygwin DOT com>
Reply-To: Marco Atzeri <marco DOT atzeri AT gmail DOT com>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Sender: "Cygwin" <cygwin-bounces~archive-cygwin=delorie DOT com AT cygwin DOT com>

On 22/01/2026 17:50, FOPPE, JEFFREY B CIV USAF AFMC AFLCMC/WFRQ via 
Cygwin wrote:
> CVE-2025-13151 points out a vulnerability in libtasn1 versions 4.20 and earlier.  The version provided through Cygwin is much earlier.  It doesn't look like this package has been updated since 2019 and is listed as Orphaned.  A lot of other packages seem to depend on it.  Does anyone know if a developer will look at updating this?
> 
> 
> Jeff Foppe
> 
> 
Looking on it

Regards
Marco


-- 
Problem reports:      https://cygwin.com/problems.html
FAQ:                  https://cygwin.com/faq/
Documentation:        https://cygwin.com/docs.html
Unsubscribe info:     https://cygwin.com/ml/#unsubscribe-simple