Re: [SECURITY] [DSA 253-1] New OpenSSL packages fix timing-based attack vulnerability
Quoting joey@infodrom.org (Martin Schulze):
> - --------------------------------------------------------------------------
> Debian Security Advisory DSA 253-1 security@debian.org
> http://www.debian.org/security/ Martin Schulze
> February 24th, 2003 http://www.debian.org/security/faq
> - --------------------------------------------------------------------------
>
> Package : openssl
> Vulnerability : information leak
> Problem-Type : remote
> Debian-specific: no
> CVE Id : CAN-2003-0078
Does anyone have a patch for version 0.9.6g-10? I'm running a semi-woody
(LDAP/Krb/SASL/SSL stuff from sid/sarge), and can't upgrade to 0.9.7a (or
downgrade to 0.9.6c)...
--
Kennedy Semtex counter-intelligence fissionable cracking Ft. Meade
Rule Psix DES jihad supercomputer SDI subway Ft. Bragg BATF Soviet
[See http://www.aclu.org/echelonwatch/index.html for more about this]
Reply to: