Bug#444435: [Pkg-openssl-devel] Bug#444435: Bug#444435: openssl: [CVE-2007-5135] Off-by-one error in the SSL_get_shared_ciphers()

2007-09-29 Thread Kurt Roeckx
So we have those versions: Current Fixed openssl: Oldstable 0.9.7e-3sarge4 0.9.7e-3sarge5 Stable 0.9.8c-4 0.9.8c-4etch1 Testing 0.9.8e-6 Unstable 0.9.8e-8

Bug#444435: openssl: [CVE-2007-5135] Off-by-one error in the SSL_get_shared_ciphers()

2007-09-28 Thread Axel Beckert
Package: openssl Version: 0.9.8c-4, 0.9.7e-3sarge4 Severity: critical Tags: sarge, etch, security According to http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5135 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5135 is not yet available): Off-by-one error in the SSL_get_shared_ciphers

Bug#444435: [Pkg-openssl-devel] Bug#444435: openssl: [CVE-2007-5135] Off-by-one error in the SSL_get_shared_ciphers()

2007-09-28 Thread Kurt Roeckx
On Fri, Sep 28, 2007 at 07:16:15PM +0200, Kurt Roeckx wrote: Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7l and 0.9.8d might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. So, it seems to be that

Bug#444435: [Pkg-openssl-devel] Bug#444435: openssl: [CVE-2007-5135] Off-by-one error in the SSL_get_shared_ciphers()

2007-09-28 Thread Kurt Roeckx
tags 35 - sarge etch clone 35 -1 reassign -1 openssl097 0.9.7k-3.1 thanks On Fri, Sep 28, 2007 at 04:16:02PM +0200, Axel Beckert wrote: Package: openssl Version: 0.9.8c-4, 0.9.7e-3sarge4 Severity: critical Tags: sarge, etch, security Since this applies to sid (and oldstable) too,

Bug#444435: [Pkg-openssl-devel] Bug#444435: Bug#444435: openssl: [CVE-2007-5135] Off-by-one error in the SSL_get_shared_ciphers()

2007-09-28 Thread Kurt Roeckx
On Fri, Sep 28, 2007 at 07:16:15PM +0200, Kurt Roeckx wrote: On Fri, Sep 28, 2007 at 04:16:02PM +0200, Axel Beckert wrote: Package: openssl Version: 0.9.8c-4, 0.9.7e-3sarge4 Severity: critical Tags: sarge, etch, security Since this applies to sid (and oldstable) too, those tags are

Bug#444435: [Pkg-openssl-devel] Bug#444435: Bug#444435: openssl: [CVE-2007-5135] Off-by-one error in the SSL_get_shared_ciphers()

2007-09-28 Thread Kurt Roeckx
On Fri, Sep 28, 2007 at 03:59:46PM -0400, Noah Meyerhans wrote: On Fri, Sep 28, 2007 at 09:53:34PM +0200, Kurt Roeckx wrote: I've also prepared an upload for stable-security at people.debian.org/~kroeckx/openssl Thanks. Is there any chance of fixing this for oldstable? The security

Bug#444435: [Pkg-openssl-devel] Bug#444435: Bug#444435: openssl: [CVE-2007-5135] Off-by-one error in the SSL_get_shared_ciphers()

2007-09-28 Thread Noah Meyerhans
On Fri, Sep 28, 2007 at 09:53:34PM +0200, Kurt Roeckx wrote: I've also prepared an upload for stable-security at people.debian.org/~kroeckx/openssl Thanks. Is there any chance of fixing this for oldstable? noah

Bug#444435: [Pkg-openssl-devel] Bug#444435: Bug#444435: openssl: [CVE-2007-5135] Off-by-one error in the SSL_get_shared_ciphers()

2007-09-28 Thread Noah Meyerhans
On Fri, Sep 28, 2007 at 10:19:11PM +0200, Kurt Roeckx wrote: Thanks. Is there any chance of fixing this for oldstable? The security team wasn't interested in doing updates for oldstable-security before. Eh? I must have missed that. We claim to support oldstable for 1 year, which means

Bug#444435: [Pkg-openssl-devel] Bug#444435: Bug#444435: openssl: [CVE-2007-5135] Off-by-one error in the SSL_get_shared_ciphers()

2007-09-28 Thread Kurt Roeckx
On Fri, Sep 28, 2007 at 04:23:37PM -0400, Noah Meyerhans wrote: On Fri, Sep 28, 2007 at 10:19:11PM +0200, Kurt Roeckx wrote: Thanks. Is there any chance of fixing this for oldstable? The security team wasn't interested in doing updates for oldstable-security before. Eh? I must have