> So we have those versions:
Current Fixed
> openssl:
>Oldstable 0.9.7e-3sarge4 0.9.7e-3sarge5
>Stable 0.9.8c-40.9.8c-4etch1
>Testing0.9.8e-6
>Unstable 0.9.8e-8
On Fri, Sep 28, 2007 at 04:23:37PM -0400, Noah Meyerhans wrote:
> On Fri, Sep 28, 2007 at 10:19:11PM +0200, Kurt Roeckx wrote:
> > > Thanks. Is there any chance of fixing this for oldstable?
> >
> > The security team wasn't interested in doing updates for
> > oldstable-security before.
>
> Eh?
On Fri, Sep 28, 2007 at 10:19:11PM +0200, Kurt Roeckx wrote:
> > Thanks. Is there any chance of fixing this for oldstable?
>
> The security team wasn't interested in doing updates for
> oldstable-security before.
Eh? I must have missed that. We claim to support oldstable for 1 year,
which mean
On Fri, Sep 28, 2007 at 03:59:46PM -0400, Noah Meyerhans wrote:
> On Fri, Sep 28, 2007 at 09:53:34PM +0200, Kurt Roeckx wrote:
> >
> > I've also prepared an upload for stable-security at
> > people.debian.org/~kroeckx/openssl
>
> Thanks. Is there any chance of fixing this for oldstable?
The sec
On Fri, Sep 28, 2007 at 09:53:34PM +0200, Kurt Roeckx wrote:
>
> I've also prepared an upload for stable-security at
> people.debian.org/~kroeckx/openssl
Thanks. Is there any chance of fixing this for oldstable?
noah
signature.asc
Description: Digital signature
On Fri, Sep 28, 2007 at 07:16:15PM +0200, Kurt Roeckx wrote:
> On Fri, Sep 28, 2007 at 04:16:02PM +0200, Axel Beckert wrote:
> > Package: openssl
> > Version: 0.9.8c-4, 0.9.7e-3sarge4
> > Severity: critical
> > Tags: sarge, etch, security
>
> Since this applies to sid (and oldstable) too, those ta
On Fri, Sep 28, 2007 at 07:16:15PM +0200, Kurt Roeckx wrote:
> > Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL
> > 0.9.7l and 0.9.8d might allow remote attackers to execute arbitrary
> > code via a crafted packet that triggers a one-byte buffer underflow.
So, it seems to be th
tags 35 - sarge etch
clone 35 -1
reassign -1 openssl097 0.9.7k-3.1
thanks
On Fri, Sep 28, 2007 at 04:16:02PM +0200, Axel Beckert wrote:
> Package: openssl
> Version: 0.9.8c-4, 0.9.7e-3sarge4
> Severity: critical
> Tags: sarge, etch, security
Since this applies to sid (and oldstable) too,
Package: openssl
Version: 0.9.8c-4, 0.9.7e-3sarge4
Severity: critical
Tags: sarge, etch, security
According to http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5135
(http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5135 is not
yet available):
Off-by-one error in the SSL_get_shared_ciphers funct
9 matches
Mail list logo