-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Florian Weimer said: > The first vulnerable version, 0.9.8c-1, was uploaded to the unstable > distribution on 2006-09-17, and has since propagated to the testing and > current stable (etch) distributions. The old stable distribution > (sarge) is not affected. The information about sarge is not consistent with http://security-tracker.debian.net/tracker/CVE-2008-0166: Source Package Release Version Status openssl (PTS) sarge, sarge (security) 0.9.7e-3sarge5 vulnerable etch 0.9.8c-4etch1 vulnerable etch (security) 0.9.8c-4etch3 fixed lenny, sid 0.9.8g-10 fixed Who's right here ? -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQFIKaRiBi3LpOkEzmoRAmnRAJ9aufBTNW+4lsY7W3QI3AE/lnJmhQCeMNrt 9hO+vDycKey8spJCPHN56Ng= =3Hdv -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
