Re: [SECURITY] [DSA 253-1] New OpenSSL packages fix timing-based attack vulnerability
On Tue, Feb 25, 2003 at 03:05:55PM +0100, Turbo Fredriksson wrote:
> Quoting joey@infodrom.org (Martin Schulze):
>
> > - --------------------------------------------------------------------------
> > Debian Security Advisory DSA 253-1 security@debian.org
> > http://www.debian.org/security/ Martin Schulze
> > February 24th, 2003 http://www.debian.org/security/faq
> > - --------------------------------------------------------------------------
> >
> > Package : openssl
> > Vulnerability : information leak
> > Problem-Type : remote
> > Debian-specific: no
> > CVE Id : CAN-2003-0078
>
> Does anyone have a patch for version 0.9.6g-10? I'm running a semi-woody
> (LDAP/Krb/SASL/SSL stuff from sid/sarge), and can't upgrade to 0.9.7a (or
> downgrade to 0.9.6c)...
You can see the patch used by diffing the previous woody version with the
security update.
--
- mdz
Reply to: