X-Recipient: archive-cygwin AT delorie DOT com DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:to:from:subject:date:message-id:references :mime-version:content-type:content-transfer-encoding; q=dns; s= default; b=jk8TrXOX962Bd0uDw2aJNdGZDblJgh9MMbVBl9UrXKlLCF+GIeRal Bd4cPz9/XrIhCLYfJip0cKikQXLvU97h3dJJPJKNNIgsmq0pdIfLzf4HQNe7Cgt3 iNYTu/dbpvb0cSyVf2R+RH+4XCM3mnoHSffXeSb/JW96OqdLMeHeZ4= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:to:from:subject:date:message-id:references :mime-version:content-type:content-transfer-encoding; s=default; bh=mWtD7w8PPCWpzypizFxRiDHtQfw=; b=nZ8hmeYGc3lvOe8iHdJEWkdbBLaF 6MdPOx0h6DbjqrADcx3VeJfAg/XVsAbHCwKLR8udJOovFpHms8FxgFb28n+KPmW7 IZeNlG5PacfbJmcNiXUnk1TtK7Ba8HW7bZGYxxhYubwEBU3tzLk8PmNIfOxONLc6 BZPhCnJGobf5vKg= Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=0.2 required=5.0 tests=AWL,BAYES_50,RCVD_IN_DNSWL_NONE,RP_MATCHES_RCVD,SPF_HELO_PASS,SPF_PASS autolearn=ham version=3.3.2 X-HELO: plane.gmane.org To: cygwin AT cygwin DOT com From: Andrew Schulman Subject: Re: [ANNOUNCEMENT] [SECURITY] Updated: openssl-1.0.1h-1, libopenssl098-0.9.8za-1 Date: Fri, 06 Jun 2014 11:42:03 -0400 Lines: 19 Message-ID: <58o3p99uet4ovpjrokurvhr41iebne9tuf@4ax.com> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Archive: encrypt X-IsSubscribed: yes > The following packages have been updated in the Cygwin distribution: > > * openssl-1.0.1h-1 > * libopenssl098-0.9.8za-1 (x86 only) > * libopenssl100-1.0.1h-1 > * openssl-devel-1.0.1h-1 > > The OpenSSL toolkit provides support for secure communications between > machines. OpenSSL includes a certificate management tool and shared > libraries which provide various cryptographic algorithms and protocols. > > This release includes fixes for several CVEs, including CVE-2014-0224 > (SSL/TLS man-in-the-middle). Full details on these fixes are available > here: > > https://www.openssl.org/news/secadv_20140605.txt I don't see any reason here that programs that depend on libopenssl100, such as stunnel, would need to be rebuit for this update. Do you? -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple