I don't fully understand DSA 875-1. I waited with this mail because I thought I could figure it out myself but I can't.
Martin Schulze wrote: > Package : openssl094 > Vulnerability : cryptographic weakness > Problem type : remote > Debian-specific: no > CVE ID : CVE-2005-2969 I have read the CVE advisory, why is DSA 875-1 only about openssl094? Will there be other DSAs? I am asking because it seems strange to me that Woody is already fixed but other, more important systems (the current stable for example) will have to wait. > The following matrix explains which version in which distribution has > this problem corrected. > > oldstable (woody) stable (sarge) unstable (sid) > openssl 0.9.6c-2.woody.8 0.9.7e-3sarge1 0.9.8-3 > openssl 094 0.9.4-6.woody.4 n/a n/a > openssl 095 0.9.5a-6.woody.6 n/a n/a > openssl 096 n/a 0.9.6m-1sarge1 n/a > openssl 097 n/a n/a 0.9.7g-5 > > We recommend that you upgrade your libssl packages. Where is the binary package of openssl 0.9.7e-3sarge1? I could not find it on security.debian.org. If I overlooked it, could someone please provide me with a pointer to it? > Debian GNU/Linux 3.0 alias woody I hope there will be other DSAs covering this CVE. Please cc me as I am not subscribed to this list any more. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
