Re: [SECURITY] [DSA 253-1] New OpenSSL packages fix timing-based attack vulnerability

To: debian-devel@lists.debian.org
Subject: Re: [SECURITY] [DSA 253-1] New OpenSSL packages fix timing-based attack vulnerability
From: Turbo Fredriksson <turbo@debian.org>
Date: 25 Feb 2003 15:05:55 +0100
Message-id: <[🔎] 87k7fomp4s.fsf@papadoc.bayour.com>
In-reply-to: <m18nJ9z-000ogPC@finlandia.Infodrom.North.DE>
References: <m18nJ9z-000ogPC@finlandia.Infodrom.North.DE>

Quoting joey@infodrom.org (Martin Schulze):

> - --------------------------------------------------------------------------
> Debian Security Advisory DSA 253-1                     security@debian.org
> http://www.debian.org/security/                             Martin Schulze
> February 24th, 2003                     http://www.debian.org/security/faq
> - --------------------------------------------------------------------------
> 
> Package        : openssl
> Vulnerability  : information leak
> Problem-Type   : remote
> Debian-specific: no
> CVE Id         : CAN-2003-0078

Does anyone have a patch for version 0.9.6g-10? I'm running a semi-woody
(LDAP/Krb/SASL/SSL stuff from sid/sarge), and can't upgrade to 0.9.7a (or
downgrade to 0.9.6c)...
-- 
Kennedy Semtex counter-intelligence fissionable cracking Ft. Meade
Rule Psix DES jihad supercomputer SDI subway Ft. Bragg BATF Soviet
[See http://www.aclu.org/echelonwatch/index.html for more about this]

Reply to:

Follow-Ups:
- Re: [SECURITY] [DSA 253-1] New OpenSSL packages fix timing-based attack vulnerability
  - From: Matt Zimmerman <mdz@debian.org>

Prev by Date: Re: about pkt tool
Next by Date: Bug#182445: ITP: xmlroff -- XSL Formatter
Previous by thread: Re: -ja variants of slang, jed and slrn
Next by thread: Re: [SECURITY] [DSA 253-1] New OpenSSL packages fix timing-based attack vulnerability
Index(es):
- Date
- Thread