
Re: [buildd] Implications of DSA-1571-1



On Thu, May 15, 2008 at 02:16:25AM +0200, Michael Schmitz wrote:
>>> Well, those machines that were installed before etch, should be safe. Can
>>> anyone confirm this?
>>
>> Only if you have an RSA key. DSA (as in, Digital Signature Algorithm)
>> keys should be considered compromised, too, since they use the OpenSSL
>> randomizer, which is buggy.
>
> q650 has libssl0.9.7 0.9.7e-3sarge1 - the advisory said the bug was 
> introduced with 0.9.8c. So it would seem sarge installs are in the clear. 
> Can we confirm that in some way? Can we backport the fixes to sarge if 
> necessary?

Everything I've read says that sarge is in the clear.

-- 
Stephen R. Marenka     If life's not fun, you're not doing it right!
<stephen@marenka.net>

Attachment: signature.asc
Description: Digital signature

