X-Recipient:	archive-cygwin AT delorie DOT com
X-SWARE-Spam-Status:	No, hits=-2.9 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00
X-Spam-Check-By:	sourceware.org
Date:	Tue, 24 Apr 2012 11:21:29 +0200
From:	Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To:	cygwin AT cygwin DOT com
Subject:	[ANNOUNCEMENT] Updated: libopenssl098-0.9.8w-1
Message-Id:	<announce.20120424092129.GA20233@calimero.vinschen.de>
MIME-Version:	1.0
User-Agent:	Mutt/1.5.21 (2010-09-15)
Reply-To:	cygwin AT cygwin DOT com
Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id:	<cygwin.cygwin.com>
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com

I've updated the version of the OpenSSL 0.9.8 libs to 0.9.8w-1.

This is an upstream security release.  The Cygwin release is build from
the vanilla sources.

Here's the official security advisory:

------------------------------------------------------------------------
OpenSSL Security Advisory [24 Apr 2012]
=======================================

ASN1 BIO incomplete fix (CVE-2012-2131)
=======================================

It was discovered that the fix for CVE-2012-2110 released on 19 Apr
2012 was not sufficient to correct the issue for OpenSSL 0.9.8.

Please see http://www.openssl.org/news/secadv_20120419.txt for details
of that vulnerability.

This issue only affects OpenSSL 0.9.8v.  OpenSSL 1.0.1a and 1.0.0i
already contain a patch sufficient to correct CVE-2012-2110.

Thanks to Red Hat for discovering and fixing this issue.

Affected users should upgrade to 0.9.8w.

References
==========

URL for this Security Advisory:
http://www.openssl.org/news/secadv_20120424.txt
------------------------------------------------------------------------


To update your installation, click on the "Install Cygwin now" link on
the http://cygwin.com/ web page.  This downloads setup.exe to your
system.  Then, run setup and answer all of the questions.


*** CYGWIN-ANNOUNCE UNSUBSCRIBE INFO ***

If you want to unsubscribe from the cygwin-announce mailing list, look
at the "List-Unsubscribe: " tag in the email header of this message.
Send email to the address specified there.  It will be in the format:


cygwin-announce-unsubscribe-you=yourdomain DOT com AT cygwin DOT com

If you need more information on unsubscribing, start reading here:

http://sourceware.org/lists.html#unsubscribe-simple

Please read *all* of the information on unsubscribing that is available
starting at the above URL.

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

- Raw text -