DMARC-Filter: OpenDMARC Filter v1.4.2 delorie.com 60MHEb4x2200471
Authentication-Results: delorie.com; dmarc=pass (p=none dis=none) header.from=cygwin.com
Authentication-Results: delorie.com; spf=pass smtp.mailfrom=cygwin.com
DKIM-Filter: OpenDKIM Filter v2.11.0 delorie.com 60MHEb4x2200471
Authentication-Results: delorie.com;
	dkim=pass (1024-bit key, unprotected) header.d=cygwin.com header.i=@cygwin.com header.a=rsa-sha256 header.s=default header.b=BYq+AgTX
X-Recipient: archive-cygwin@delorie.com
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 856AA4BC895F
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cygwin.com;
	s=default; t=1769102076;
	bh=0e9oiH1qqMoOT87FLMBJOtld/XAG5wD4sv4vIhV7FDI=;
	h=Date:Subject:To:References:In-Reply-To:List-Id:List-Unsubscribe:
	 List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:
	 From;
	b=BYq+AgTXq5gK2JmCNkZvjloaWL7kgl2fKBSy7B+tAosrH0kh5aMQ6G6f2upap0Jad
	 tj+7JJwM6oZQvtGEcuxZOqNhe5XzeBwqc3oHUed1FKmYmFh6oKSNG5snTiJBtkYFg+
	 Aqb9jdJIXjCOpgufB9qEw5J8mBNv1ayVCvbrNm7M=
X-Original-To: cygwin@cygwin.com
Delivered-To: cygwin@cygwin.com
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 74DD24BA2E2E
ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 74DD24BA2E2E
ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1769102027; cv=none;
 b=LIOeGR9g8dp8JnYpEdZH0gr0whzg7/XO+EadTcF/i2OfrEx7tYxykhtIC/EQkfBPP8X4rYhsIwk0sSXDKa1RY9CM2mRc5Zrcr8iz9JjQuuG+8xy+mMd2FIyVZOT7UPfwCzTMpMUJ1Rmk5EA4FMAi/3E2yQDj3iJSGSRzq9hhhLg=
ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key;
 t=1769102027; c=relaxed/simple;
 bh=5exvzJIp/BAySRQdAaHEXYC6sVY2j3tN3o0Wjka3KqQ=;
 h=DKIM-Signature:Message-ID:Date:MIME-Version:Subject:To:From;
 b=Z8FXhD90gooocFO0BJMUVF6sfYHpmSeWStCGK3oxzTcbaEi/9n+LEu0+DM5G1M5zW5Pt4L8hy0/GJwq8lFXcMsD5DdUKj+ORpLwNY1Am1o01RvEOr9U1gAHl9AWfm2FbpNCu1OLM2jSl8XfNcTwHsMd+TLes3ORO+o/Nf2pnK7s=
ARC-Authentication-Results: i=1; server2.sourceware.org
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 74DD24BA2E2E
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1769102026; x=1769706826;
 h=content-transfer-encoding:in-reply-to:from:references:to
 :content-language:subject:user-agent:mime-version:date:message-id
 :x-gm-gg:x-gm-message-state:from:to:cc:subject:date:message-id
 :reply-to;
 bh=bdYG/TX7yZvW2NLyCDIhULfHWVKdq+Xs9CoDSZa1cMo=;
 b=bs94rg+KJE0VGCM+mv5YdghTJh61E8YRJu2tHU8fmgeinKC51NtHJ23fitdBKkeFWa
 ugRrLcl9yXiiR5dWvxeDujycwPS9nPT3I8iFq98MjefMU7eBEM2+dMeNCG9BWQ8hxhc0
 4oLA/STigVmfX1/AAMRhFR39CclJf165k2cQPEn8EgKIwnh4I4vwmDIj6EKCj7XSMIKJ
 Y6TH9kJ4NXxh2y45h8uopKeB3ZUIzP7NTFbjKeaNBEp1Cyq0aeM2ztFbiX3N5s7Rk3WL
 QZv9AJswW6MMnaj4BJpa24x6JZaW5u7isJt3lAhZttAscTBFVscu8tQbYycJidRfPecS
 E4EA==
X-Gm-Message-State: AOJu0YxcNqRLbmN3HWZE8Lvbl9JBFw+0KYdK2rk3mHFM6G/n5BHYR2/C
 sZNaf4B7AKB2iZG8+8BEBrKfx8eGwxRiYoa6GMI4uGuEWOI2V3RmiuiwFKu2nw==
X-Gm-Gg: AZuq6aKY1TddNYHpuI/fc6/DoVRSF5vW93gzyLnbDpoCZPjh79WIDnP0ezCD6iokt5Z
 J0/q2iiRrlZHDQqaCqB6AMOugkPiYuTl6kmnH4ozjXbdgf6QMIwu02X9wsJDcqJnVGIUQg8errs
 jFtaTt9pp5TJo4rMw8dx/ImjxaHKxE4rVIs8H1a/JN+9vGvOBQjQEOMyKCGaPa0h/44dPt0kc8/
 7nDPqPms4XteKRyh3/A84V/n5NX2qxq71NnlrPdGgU+lnGZLh1KPscyFUL9qFUSr6wOrgVXgVaZ
 SKlke1Clwh0418n9vx2xW+VseCJ4XOgGUkE2GJKfHj/SV6OtF+y9V0Bq/dnuS0TU9zIZAeNgDi8
 t1S1pNyBwfTdqtYn3eMm3sj9pNQuwyL3278TaGMdSLIrpfu3Q6MZgxkJaJexTFlt5jziydGB3Ln
 VNLhLJBj46hYwaJ/aMf3nCMoXBIbbvMNTRRhQNzCRAjBX+ROjgbWYyNUSj0GhE0lvtzswm
X-Received: by 2002:a05:6000:288c:b0:430:fd60:93fb with SMTP id
 ffacd0b85a97d-435b160378dmr421516f8f.32.1769102026265; 
 Thu, 22 Jan 2026 09:13:46 -0800 (PST)
Message-ID: <6040d6ad-9d19-4f1b-9a0b-f8b379175830@gmail.com>
Date: Thu, 22 Jan 2026 18:13:45 +0100
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: CVE-2025-13151 and Cygwin package libtasn1_6
Content-Language: en-GB
To: cygwin@cygwin.com
References: <BN9P111MB2434F33C607CDE0AB042906EB097A@BN9P111MB2434.NAMP111.PROD.OUTLOOK.COM>
In-Reply-To: <BN9P111MB2434F33C607CDE0AB042906EB097A@BN9P111MB2434.NAMP111.PROD.OUTLOOK.COM>
X-BeenThere: cygwin@cygwin.com
X-Mailman-Version: 2.1.30
List-Id: General Cygwin discussions and problem reports <cygwin.cygwin.com>
List-Archive: <https://cygwin.com/pipermail/cygwin/>
List-Post: <mailto:cygwin@cygwin.com>
List-Help: <mailto:cygwin-request@cygwin.com?subject=help>
List-Subscribe: <https://cygwin.com/mailman/listinfo/cygwin>,
 <mailto:cygwin-request@cygwin.com?subject=subscribe>
From: Marco Atzeri via Cygwin <cygwin@cygwin.com>
Reply-To: Marco Atzeri <marco.atzeri@gmail.com>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Sender: "Cygwin" <cygwin-bounces~archive-cygwin=delorie.com@cygwin.com>

On 22/01/2026 17:50, FOPPE, JEFFREY B CIV USAF AFMC AFLCMC/WFRQ via 
Cygwin wrote:
> CVE-2025-13151 points out a vulnerability in libtasn1 versions 4.20 and earlier.  The version provided through Cygwin is much earlier.  It doesn't look like this package has been updated since 2019 and is listed as Orphaned.  A lot of other packages seem to depend on it.  Does anyone know if a developer will look at updating this?
> 
> 
> Jeff Foppe
> 
> 
Looking on it

Regards
Marco


-- 
Problem reports:      https://cygwin.com/problems.html
FAQ:                  https://cygwin.com/faq/
Documentation:        https://cygwin.com/docs.html
Unsubscribe info:     https://cygwin.com/ml/#unsubscribe-simple