X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:reply-to:from:to:subject:date:message-id
	:mime-version:content-type:content-transfer-encoding; q=dns; s=
	default; b=C5nkFI3pnnS1aJJZgF1FgqC5eCWEChSOVQnKtK/cvtjaERNZojGtK
	AGYz5BF7YWaTcrtJgEc26n+R204jPqt4VJcZeN8zOAP13YhsxyDM4gNfCCtMVWzb
	/S+kO+ug9jNvJmnBCbPwLUmUpt6UJCIQdYmsYXXoDPBG8232bcSSpk=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:reply-to:from:to:subject:date:message-id
	:mime-version:content-type:content-transfer-encoding; s=default;
	 bh=MFWJJtmWG8QoWbU3RMghU4clDII=; b=ldfPL1JrqQvLqUji+7ZXnolTBvVS
	3jV9/Ecx4mogdYz+yEoIqxXGfTH7RJ3fK0vyg96zRO6AS8ajJdWeUQTJpEZKJ6mL
	ahFXLObrrFQoruXiNzgoCHHPQ5f+x/nSwDQcCwDDVNZPAkZj5y7HWKbvgGpyvHNm
	OYS0xW1eiJ6troI=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Spam-SWARE-Status: No, score=1.0 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_20,KAM_NUMSUBJECT,UNSUBSCRIBE_BODY autolearn=no version=3.3.1 spammy=H*F:D*gov, folder, ssl, vulnerability
X-HELO: localhost.localdomain
Reply-To: cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;	d=comcastmailservice.net; s=20180828_2048; t=1560443802;	bh=yr5ukbrxoTfi3gLv/Qh18sLVtP/GZ+IcwrxWfqwTSMY=;	h=Received:Received:Received:From:To:Subject:Date:Message-ID:	 MIME-Version:Content-Type;	b=eTqks9cOm5j9WbA5YPNd3XPJRW6c7gtsK7OSP0FXeV1yy93csTTsm8xvXWsXVwneT	 JHquCZU0aUIXR+9r24Bep0V8vpYQTh4bwhk8yS26Ki3r6ZqSUSymorcui00qtS/NHA	 o6PjYywYSdm6sZQ9lAv9r0a4bhrfFwVOIM1WhoCj1v5fPWJcd8t8J7O4ZrzH1E/bxL	 dRDwclHMT5y+8vZDNOvckR9A++9FTlVTWNQ9YDuiK58b8s4w08aYcszAdiomsyYuks	 bGKMxvZK7Bt69DyMJrSdf6KTNAFQR0qVrpkhzgEGj6zICAjUbBFdh4m/CYaJp2G5nJ	 9KTz+Ue3qajLw==
X-Xfinity-VAAS: gggruggvucftvghtrhhoucdtuddrgeduuddrudehledguddtfecutefuodetggdotefrodftvfcurfhrohhfihhlvgemucevohhmtggrshhtqdftvghsihdpqfgfvfdppffquffrtefokffrnecuuegrihhlohhuthemuceftddtnecufghrlhcuvffnffculddqiedmnecujfgurhephffvufffkffogggtgfesthhqsfdtufdtvdenucfhrhhomheptehnughrvgifucfutghhuhhlmhgrnhcuoehstghhuhhlmhgrnhdrrghnughrvgifsegvphgrrdhgohhvqeenucffohhmrghinheptgihghifihhnrdgtohhmpdhsthhunhhnvghlrdhorhhgpdihohhurhguohhmrghinhdrtghomhenucfkphepuddtkedrfedurdelhedrudefheenucfrrghrrghmpehhvghlohephhgvlhhiuhhmpdhinhgvthepuddtkedrfedurdelhedrudefhedpmhgrihhlfhhrohhmpehstghhuhhlmhgrnhdrrghnughrvgifsegvphgrrdhgohhvpdhrtghpthhtoheptgihghifihhnqdgrnhhnohhunhgtvgestgihghifihhnrdgtohhmnecuvehluhhsthgvrhfuihiivgeptd
X-Xfinity-VMeta: sc=-6;st=legit
From: Andrew Schulman <schulman DOT andrew AT epa DOT gov>
To: cygwin AT cygwin DOT com
Subject: [ANNOUNCEMENT] [SECURITY] stunnel 5.55-1
Date: Thu, 13 Jun 2019 12:36:32 -0400
Message-Id: <announce.9lu4ge11gpe0shu4cqvknmle139hvvobqi@4ax.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by delorie.com id x5DGcfOk009299

stunnel 5.55-1 is now available in Cygwin. This release includes the
following security fixes:

* Fixed a Windows local privilege escalation vulnerability caused insecure
OpenSSL cross-compilation defaults. Successful exploitation requires
stunnel to be deployed as a Windows service, and user-writable C:\ folder.
This vulnerability was discovered and reported by Rich Mirch.

* OpenSSL DLLs updated to version 1.1.1c.

If you have stunnel installed, you should update to this release right
away. Please see the upstream changelog[1] for the full list of fixes and
improvements since the previous Cygwin release, 5.50-1.

stunnel is a program that allows you to encrypt arbitrary TCP connections
inside TLS (Transport Layer Security, the successor to Secure Sockets Layer
(SSL)).  stunnel can allow you to secure non-TLS-aware daemons and
protocols (like POP, IMAP, LDAP, etc) by having stunnel provide the
encryption, requiring no changes to the daemon's code.

Andrew E. Schulman

[1]https://www.stunnel.org/ChangeLog.md.html


*******************************************************************


To update your installation, click on the "Install Cygwin now" link on
the http://cygwin.com/ web page.  This downloads setup.exe to your
system.  Then, run setup and answer all of the questions.

              *** CYGWIN-ANNOUNCE UNSUBSCRIBE INFO ***

If you want to unsubscribe from the cygwin-announce mailing list, look
at the "List-Unsubscribe: " tag in the email header of this message.
Send email to the address specified there.  It will be in the format:

cygwin-announce-unsubscribe-you=yourdomain.com_at_cygwin.com

If you need more information on unsubscribing, start reading here:

http://cygwin.com/lists.html#subscribe-unsubscribe

Please read *all* of the information on unsubscribing that is available
starting at this URL.

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple