[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[debian-knoppix] I'll walk to the bank! WAS: OpenSSL 0.9.7b

On April 15, 2003 01:56 pm, Gilles Pelletier wrote:
> From: http://www.openssl.org :
> 10-apr-2003 : OpenSSL 0.9.7b is now available, including important
> bugfixes

I was thinking about using OpenSSL for banking, but today comes a 
patch to the most recent bug fix.

And what's a bug fix supposed to mean when OpenSSL workings are hidden 
from the user: either it works or it doesn't. If it doesn't it's a 
security hole. 

Anyway. There must be something I'm not getting again... I hope.

From: http://lwn.net/Articles/29213 :

For the unstable distribution (sid) these problems have been fixed in
version 0.9.7b-1 of openssl and version 0.9.6j-1 of openssl096.

(And, of course...)

RSA blinding is not thread-safe and will cause failures
for programs that use threads and OpenSSL such as stunnel.  However,
since the proposed fix would change the binary interface (ABI),
programs that are dynamically linked against OpenSSL won't run

La Masse critique
debian-knoppix mailing list

Reply to: