Re: [SECURITY] [DSA 253-1] New OpenSSL packages fix timing-based attack vulnerability

To: debian-devel@lists.debian.org
Subject: Re: [SECURITY] [DSA 253-1] New OpenSSL packages fix timing-based attack vulnerability
From: Matt Zimmerman <mdz@debian.org>
Date: Tue, 25 Feb 2003 11:24:30 -0500
Message-id: <[🔎] 20030225162430.GH485@alcor.net>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 87k7fomp4s.fsf@papadoc.bayour.com>
References: <m18nJ9z-000ogPC@finlandia.Infodrom.North.DE> <[🔎] 87k7fomp4s.fsf@papadoc.bayour.com>

On Tue, Feb 25, 2003 at 03:05:55PM +0100, Turbo Fredriksson wrote:

> Quoting joey@infodrom.org (Martin Schulze):
> 
> > - --------------------------------------------------------------------------
> > Debian Security Advisory DSA 253-1                     security@debian.org
> > http://www.debian.org/security/                             Martin Schulze
> > February 24th, 2003                     http://www.debian.org/security/faq
> > - --------------------------------------------------------------------------
> > 
> > Package        : openssl
> > Vulnerability  : information leak
> > Problem-Type   : remote
> > Debian-specific: no
> > CVE Id         : CAN-2003-0078
> 
> Does anyone have a patch for version 0.9.6g-10? I'm running a semi-woody
> (LDAP/Krb/SASL/SSL stuff from sid/sarge), and can't upgrade to 0.9.7a (or
> downgrade to 0.9.6c)...

You can see the patch used by diffing the previous woody version with the
security update.

-- 
 - mdz

Reply to:

References:
- Re: [SECURITY] [DSA 253-1] New OpenSSL packages fix timing-based attack vulnerability
  - From: Turbo Fredriksson <turbo@debian.org>

Prev by Date: Bug#182302: ITP: bincimap -- IMAP server with support for Maildir
Next by Date: Bug#182449: ITP: xsh -- A fast and powerfull command-line XML editor
Previous by thread: Re: [SECURITY] [DSA 253-1] New OpenSSL packages fix timing-based attack vulnerability
Next by thread: Bug#182445: ITP: xmlroff -- XSL Formatter
Index(es):
- Date
- Thread