I'm not sure if this is considered "normal and ok" but it seems reasonable...
> Packages in question are, amongst others, fetchmail-ssl, kmail, kppp,
> korn, kit ksirc and several other KDE packages. Since there are DSA's
> for openssl and kdelibs, my guess is that the aforementioned packages
> are "just" recompiles against the fixed libraries. Should there not
> be DSA's for that as well?
> After all, the package seems to be affected by the security issue to
> some extent (otherwise recompilation is rather pointless).

Well, the case with openssl is that any tcp service that uses openssl may be exploited using a malformed packet. This should not, however, require a recompile - such is the beauty of shared libs..

Not sure about kdelibs, but I would assume that the problem with kdelibs may have required a recompile, as it's a much more complex library than openssl (and may have some different/added functionality rather than a simple <10 line fix).

-Justin

