Re: [buildd] Implications of DSA-1571-1
On Tue, May 13, 2008 at 11:20:49PM +0200, Ingo Juergensmann wrote:
> On Tue, May 13, 2008 at 10:51:43PM +0200, Michael Schmitz wrote:
>
> >> Well, those machines that were installed before etch, should be safe. Can
> >> anyone confirm this?
> > Should be (they should use OpenSSL 0.9.6c or some such), but they have
> > been disabled anyway.
kullervo uses openssl (0.9.8c-4), crest has no openssl, but libssl0.9.8
(0.9.8c-4), so I assume both are affected. They were reinstalled
just before I brought them to Hamburg, since they received new disks.
The user keys might be fine, but I assume the hosts keys are not.
> ... and can be re-enabled by request. So far I've just found Elgar suffering
> from this problem. Akire is down at the moment and needs a reboot.
> Arrakis, Vivaldi and Spice seem to be unaffected because they were installed
> before 2006-09-17.
>
> >> *sigh*
> >> Is there already a fixed version available in etch-m68k?
> > We'll yet have to build that, I'm afraid. Anyone on it already?
>
> Stephen said, he's working on that for etch-m68k.
I started a build on crest, kullervo does not let me install packages,
somebody has the lock? But I am afraid I wont be able to install the new
packages before friday, I have a 6am flight to Brussels (sorry Wouter,
probably no time for a beer)... Joey should be able to log onto both,
Michael should have access to crest, maybe you can install the new packages?
Christian
Reply to: