Hi, I did not check in depth myself, but from what I remember from discussions that happened last week on #tor-dev, at least one issue described in OpenSSL secadv_20120104 [0] is pretty much relevant for Tails (a few cleartext bytes leaking).
Kurt Roeckx, maintainer of OpenSSL in Debian, was asked [1] to provide fixed packages for Squeeze, and replied [2] he'll try to look at it this weekend but generally lacks time. I guess it could help if one of us volunteered to help, e.g. look how/if the fixes were backported by other distros (none that I know of, but I may have missed something), get in touch with Kurt, try test packages in the context of Tor / Tails, etc. [0] http://openssl.org/news/secadv_20120104.txt [1] http://lists.alioth.debian.org/pipermail/pkg-openssl-devel/2012-January/003046.html [2] http://lists.alioth.debian.org/pipermail/pkg-openssl-devel/2012-January/003054.html Cheers, -- intrigeri | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc | Did you exchange a walk on part in the war | for a lead role in the cage? _______________________________________________ tails-dev mailing list [email protected] https://mailman.boum.org/listinfo/tails-dev
