This is the mail archive of the
cygwin
mailing list for the Cygwin project.
Re: [ANNOUNCEMENT] [SECURITY] Updated: openssl-1.0.1h-1, libopenssl098-0.9.8za-1
- From: Andrew Schulman <schulman dot andrew at epa dot gov>
- To: cygwin at cygwin dot com
- Date: Fri, 06 Jun 2014 11:42:03 -0400
- Subject: Re: [ANNOUNCEMENT] [SECURITY] Updated: openssl-1.0.1h-1, libopenssl098-0.9.8za-1
- Authentication-results: sourceware.org; auth=none
- References: <announce dot 539177E6 dot 10903 at cygwin dot com>
> The following packages have been updated in the Cygwin distribution:
>
> * openssl-1.0.1h-1
> * libopenssl098-0.9.8za-1 (x86 only)
> * libopenssl100-1.0.1h-1
> * openssl-devel-1.0.1h-1
>
> The OpenSSL toolkit provides support for secure communications between
> machines. OpenSSL includes a certificate management tool and shared
> libraries which provide various cryptographic algorithms and protocols.
>
> This release includes fixes for several CVEs, including CVE-2014-0224
> (SSL/TLS man-in-the-middle). Full details on these fixes are available
> here:
>
> https://www.openssl.org/news/secadv_20140605.txt
I don't see any reason here that programs that depend on libopenssl100,
such as stunnel, would need to be rebuit for this update. Do you?
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple