So we have those versions:
Current Fixed
openssl:
Oldstable 0.9.7e-3sarge4 0.9.7e-3sarge5
Stable 0.9.8c-4 0.9.8c-4etch1
Testing 0.9.8e-6
Unstable 0.9.8e-8
Package: openssl
Version: 0.9.8c-4, 0.9.7e-3sarge4
Severity: critical
Tags: sarge, etch, security
According to http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5135
(http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5135 is not
yet available):
Off-by-one error in the SSL_get_shared_ciphers
On Fri, Sep 28, 2007 at 07:16:15PM +0200, Kurt Roeckx wrote:
Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL
0.9.7l and 0.9.8d might allow remote attackers to execute arbitrary
code via a crafted packet that triggers a one-byte buffer underflow.
So, it seems to be that
tags 35 - sarge etch
clone 35 -1
reassign -1 openssl097 0.9.7k-3.1
thanks
On Fri, Sep 28, 2007 at 04:16:02PM +0200, Axel Beckert wrote:
Package: openssl
Version: 0.9.8c-4, 0.9.7e-3sarge4
Severity: critical
Tags: sarge, etch, security
Since this applies to sid (and oldstable) too,
On Fri, Sep 28, 2007 at 07:16:15PM +0200, Kurt Roeckx wrote:
On Fri, Sep 28, 2007 at 04:16:02PM +0200, Axel Beckert wrote:
Package: openssl
Version: 0.9.8c-4, 0.9.7e-3sarge4
Severity: critical
Tags: sarge, etch, security
Since this applies to sid (and oldstable) too, those tags are
On Fri, Sep 28, 2007 at 03:59:46PM -0400, Noah Meyerhans wrote:
On Fri, Sep 28, 2007 at 09:53:34PM +0200, Kurt Roeckx wrote:
I've also prepared an upload for stable-security at
people.debian.org/~kroeckx/openssl
Thanks. Is there any chance of fixing this for oldstable?
The security
On Fri, Sep 28, 2007 at 09:53:34PM +0200, Kurt Roeckx wrote:
I've also prepared an upload for stable-security at
people.debian.org/~kroeckx/openssl
Thanks. Is there any chance of fixing this for oldstable?
noah
On Fri, Sep 28, 2007 at 10:19:11PM +0200, Kurt Roeckx wrote:
Thanks. Is there any chance of fixing this for oldstable?
The security team wasn't interested in doing updates for
oldstable-security before.
Eh? I must have missed that. We claim to support oldstable for 1 year,
which means
On Fri, Sep 28, 2007 at 04:23:37PM -0400, Noah Meyerhans wrote:
On Fri, Sep 28, 2007 at 10:19:11PM +0200, Kurt Roeckx wrote:
Thanks. Is there any chance of fixing this for oldstable?
The security team wasn't interested in doing updates for
oldstable-security before.
Eh? I must have