On Thursday 11 November 2010, Kurt Roeckx wrote:
So I've prepared a package based on the ubuntu patch. I also went
over every commit between the 0.9.8l and 0.9.8m release and am
reasonably confident this patch should work properly.
The current package is available at:
Hi Kurt,
On Thursday 11 November 2010 19:43:33 Kurt Roeckx wrote:
So I've prepared a package based on the ubuntu patch. I also went
over every commit between the 0.9.8l and 0.9.8m release and am
reasonably confident this patch should work properly.
The current package is available at:
On Sat, 2010-11-13 at 18:14 +0100, Thijs Kinkhorst wrote:
I have tested it in some different environments with different types of
configurations and the packages work very fine for me.
Just one question, did you test the patch or did you test the build?
On Saturday 13 November 2010 18:21:45 Jordon Bedwell wrote:
On Sat, 2010-11-13 at 18:14 +0100, Thijs Kinkhorst wrote:
I have tested it in some different environments with different types of
configurations and the packages work very fine for me.
Just one question, did you test the patch or
On Fri, Oct 01, 2010 at 12:26:31AM +0200, Kurt Roeckx wrote:
On Wed, Sep 29, 2010 at 02:13:37PM -0700, Kyle Bader wrote:
Debian, being a volunteer organization, has its upsides and
downsides. The downside here being without an active volunteer
interested in this problem, nothing has
* Simon Josefsson:
FWIW, the latest stable GnuTLS version with RFC 5746 support is not
even in testing, so it won't be part of even the next stable.
What would be required to get a backport of RFC 5746 support into the
current stable (considering that we do not want to incorporate too
many
Florian Weimer f...@deneb.enyo.de writes:
* Simon Josefsson:
FWIW, the latest stable GnuTLS version with RFC 5746 support is not
even in testing, so it won't be part of even the next stable.
What would be required to get a backport of RFC 5746 support into the
current stable (considering
Marsh Ray ma...@extendedsubset.com writes:
On 10/21/2010 06:40 AM, Simon Josefsson wrote:
The new API to query whether the extension is negotiated or not is also
needed, but that shouldn't cause any problems as far as I can see. A
binary using the new API wouldn't work with the original
On Wed, Sep 29, 2010 at 02:13:37PM -0700, Kyle Bader wrote:
Debian, being a volunteer organization, has its upsides and
downsides. The downside here being without an active volunteer
interested in this problem, nothing has happened.
What is needed here is someone to step up to the
On mar., 2010-09-28 at 17:58 -0500, Jordon Bedwell wrote:
On 09/28/2010 03:04 PM, Marsh Ray wrote:
On 09/24/2010 02:45 AM, Simon Josefsson wrote:
But that's a choice made by Debian. Call it release policy, procedure,
or whatever, Debian cannot use the existence of its own bureaucracy as a
Yves-Alexis Perez cor...@debian.org writes:
On mar., 2010-09-28 at 17:58 -0500, Jordon Bedwell wrote:
On 09/28/2010 03:04 PM, Marsh Ray wrote:
On 09/24/2010 02:45 AM, Simon Josefsson wrote:
But that's a choice made by Debian. Call it release policy, procedure,
or whatever, Debian cannot
Simon Josefsson si...@josefsson.org writes:
Yves-Alexis Perez cor...@debian.org writes:
Well, who uses gnuTLS as the server anyway?
Exim uses GnuTLS, and at least in lenny it was the default MTA.
However I looked at how Exim uses GnuTLS a long time ago, and it is not
directly vulnerable.
On Tue, 28 Sep 2010 15:04:04 -0500, Marsh Ray wrote:
On 09/24/2010 02:45 AM, Simon Josefsson wrote:
Marsh Ray ma...@extendedsubset.com writes:
As a long-term Debian user myself, I appeal to Debian's sense of
enlightened self-interest and urge that RFC 5746 support be backported
to
On 09/29/2010 03:52 PM, Michael Gilbert wrote:
On Tue, 28 Sep 2010 15:04:04 -0500, Marsh Ray wrote:
On 09/24/2010 02:45 AM, Simon Josefsson wrote:
Marsh Ray ma...@extendedsubset.com writes:
As a long-term Debian user myself, I appeal to Debian's sense of
enlightened self-interest and urge
Debian, being a volunteer organization, has its upsides and
downsides. The downside here being without an active volunteer
interested in this problem, nothing has happened.
What is needed here is someone to step up to the plate: file some bugs;
try to find the patches; backport and test
On Wed, 29 Sep 2010 14:13:37 -0700, Kyle Bader wrote:
Debian, being a volunteer organization, has its upsides and
downsides. The downside here being without an active volunteer
interested in this problem, nothing has happened.
What is needed here is someone to step up to the plate:
On 09/29/2010 05:51 PM, Jordon Bedwell wrote:
On 09/29/2010 04:23 PM, Michael Gilbert wrote:
I could have sworn that renegotiation in lenny's openssl was disabled.
But according to the changelog, that looks to not be the case [0].
Based on that, I agree that a DSA should be issued.
Even if
On Wed, 29 Sep 2010, Marsh Ray wrote:
These five bytes will mean the world to some server admin somewhere,
whose boss is questioning his judgment for installing Debian
everywhere and now users are starting to report strange warnings in
their browsers.
Very well. Do we have something from
On 09/24/2010 02:45 AM, Simon Josefsson wrote:
Marsh Ray ma...@extendedsubset.com writes:
As a long-term Debian user myself, I appeal to Debian's sense of
enlightened self-interest and urge that RFC 5746 support be backported
to stable.
FWIW, the latest stable GnuTLS version with RFC 5746
On 09/28/2010 03:04 PM, Marsh Ray wrote:
On 09/24/2010 02:45 AM, Simon Josefsson wrote:
But that's a choice made by Debian. Call it release policy, procedure,
or whatever, Debian cannot use the existence of its own bureaucracy as a
justification for wrong action (or inaction).
Microsoft has
Marsh Ray ma...@extendedsubset.com writes:
As a long-term Debian user myself, I appeal to Debian's sense of
enlightened self-interest and urge that RFC 5746 support be backported
to stable.
FWIW, the latest stable GnuTLS version with RFC 5746 support is not even
in testing, so it won't be
Anyway, the proper fix would be to backport the RFC5746 changes.
Yes.
Now, what's the argument for not doing it properly? :-)
But the other end will also require that support for it to work.
Not long ago, this was a chicken-and-egg problem with the clients and
servers. But at this point
I saw the security tag on bug #555829, I meant that the package page
should reflect the current security situation:
http://packages.debian.org/lenny/openssl
Shouldn't it show a [security] tag similar to:
http://packages.debian.org/lenny/couchdb
--
Kyle Bader
On Thu, Sep 09, 2010 at 10:36:58AM -0700, Kyle Bader wrote:
I saw the security tag on bug #555829, I meant that the package page
should reflect the current security situation:
http://packages.debian.org/lenny/openssl
Shouldn't it show a [security] tag similar to:
I saw the security tag on bug #555829, I meant that the package page
should reflect the current security situation:
http://packages.debian.org/lenny/openssl
Shouldn't it show a [security] tag similar to:
http://packages.debian.org/lenny/couchdb
As far as I can tell, that means that the
On Wed, Sep 08, 2010 at 10:20:11AM -0700, Kyle Bader wrote:
Hello Deb-sec!
I'd like to bring to the attention of the developers and the Debian
community that CVE-2009-3555 has not been completely addressed in
Debian/stable as we are meant to believe here: