Re: Bugs in openssl and gnutls
Hi John,
> I am interested in finding out if the Debian
> community is aware of these problems and if
> the fixed versions have been added to the
> repositories.
Yes, Debian is well aware of such things. You can find a list of the Debian
Security Advisories that accompany fixed packages at
https://www.debian.org/security/
and you will see gnutls and openssl in that list.
For the stable release (Debian 7 "Wheezy"), fixes are backported and the
usptream version number does not change. You won't find openssl 1.0.1h in
wheezy but you will instead find 1.0.1e with the relevant fixes added to it.
For unstable ("sid"), you need to wait for the maintainer to upload a new
version of the package (the gnutls and openssl maintainers have been very
prompt in doing so) while for testing ("Jessie") you will either need either
grab the packages from sid manually or wait for the packages to migrate
through the normal testing migration process.
You might like to subscribe to the debian-security-announce mailing list
where the advisories are posted. It's typically only about 30 messages per
month. There's also an RSS feed if you'd prefer that.
cheers
Stuart
--
Stuart Prescott http://www.nanonanonano.net/ stuart@nanonanonano.net
Debian Developer http://www.debian.org/ stuart@debian.org
GPG fingerprint 90E2 D2C1 AD14 6A1B 7EBB 891D BBC1 7EBB 1396 F2F7
Reply to: