Re: Packages that need to be rebuilt agaisnt libssl0.9.8
On Thu, Oct 06, 2005 at 10:20:12PM +0200, Christoph Martin wrote:
> a lot of people bugged me about the new version and upstream only recommends
> this version. It also closes a grave security bug.
Hm, that wasn't listed in the changelog. Anyway, there hasn't been a security
advisory about openssl recently, did you backport a patch to the sarge version
(and prefereably also, to the woody version) and informed the security team? I
noticed you just requested help for maintaining openssl, so I can imagine that
it's been hard to find to come up with a patch, but it would at least be
beneficial to at least document such security issues, by informing security
team, filing an RC bug on your own package, and mentioning the CVE ID (or at
the very least, a short description of the bug fixed) in your changelog entry.
Jeroen van Wolffelaar
Jeroen@wolffelaar.nl (also for Jabber & MSN; ICQ: 33944357)