Bug#481426: marked as done (cupsys: SSL Certs Insecure (DSA-1571))

To: Kenshi Muto <kmuto@debian.org>, 481426@bugs.debian.org
Cc: Henrique de Moraes Holschuh <hmh@debian.org>
Subject: Bug#481426: marked as done (cupsys: SSL Certs Insecure (DSA-1571))
From: Roger Leigh <rleigh@whinlatter.ukfsn.org>
Date: Fri, 16 May 2008 14:01:21 +0100
Message-id: <[🔎] 20080516130120.GA18388@nagini.vm.bytemark.co.uk>
Reply-to: Roger Leigh <rleigh@whinlatter.ukfsn.org>, 481426@bugs.debian.org
In-reply-to: <[🔎] 20080516010251.982601A7336@mail.topstudio.co.jp>
References: <20080515232754.B76711A72ED@mail.topstudio.co.jp> <[🔎] 20080515225755.16721.74942.reportbug@localhost.localdomain> <[🔎] handler.481426.D481426.12108940772395.ackdone@bugs.debian.org> <[🔎] 20080516001245.GD23721@khazad-dum.debian.net> <[🔎] 20080516010251.982601A7336@mail.topstudio.co.jp>

On Fri, May 16, 2008 at 10:02:51AM +0900, Kenshi Muto wrote:
> At Thu, 15 May 2008 21:13:06 -0300,
> Henrique de Moraes Holschuh wrote:
> > On Thu, 15 May 2008, Debian Bug Tracking System wrote:
> > > Debian's CUPS has used GNUTLS instead of OpenSSL by default.
> > 
> > That doesn't make any difference if the certificate it is using was
> > generated by openssl.   Is that certificate under the local admin
> > control?   If it is, cupsys can also be affected.
> 
> Yes, admins can replace the key by themselves with their responsibility
> (but I haven't tried it).
> 
> Because SSLkeys Wiki page focuses the weak keys made by Debian official
> packages at this time, I don't think it is valuable to describe about CUPS
> there.

Doesn't CUPS automatically generate SSL keys?  If so, the existing keys
will be insecure.  Surely this will require action to regenerate the
keys, so is it not part of the SSL vulnerability?


Thanks,
Roger

-- 
  .''`.  Roger Leigh
 : :' :  Debian GNU/Linux             http://people.debian.org/~rleigh/
 `. `'   Printing on GNU/Linux?       http://gutenprint.sourceforge.net/
   `-    GPG Public Key: 0x25BFB848   Please GPG sign your mail.

Reply to:

Follow-Ups:
- Bug#481426: [Pkg-cups-devel] Bug#481426: marked as done (cupsys: SSL Certs Insecure (DSA-1571))
  - From: Martin Pitt <mpitt@debian.org>

References:
- Bug#481426: cupsys: SSL Certs Insecure (DSA-1571)
  - From: Sheridan Hutchinson <Sheridan@Shezza.org>
- Bug#481426: marked as done (cupsys: SSL Certs Insecure (DSA-1571))
  - From: owner@bugs.debian.org (Debian Bug Tracking System)
- Bug#481426: marked as done (cupsys: SSL Certs Insecure (DSA-1571))
  - From: Henrique de Moraes Holschuh <hmh@debian.org>
- Bug#481426: marked as done (cupsys: SSL Certs Insecure (DSA-1571))
  - From: Kenshi Muto <kmuto@debian.org>

Prev by Date: Bug#467117: [Pkg-hpijs-devel] Bug#467117: Confirmed: locale dependency in hp-toolbox
Next by Date: Bug#481426: [Pkg-cups-devel] Bug#481426: marked as done (cupsys: SSL Certs Insecure (DSA-1571))
Previous by thread: Bug#481426: marked as done (cupsys: SSL Certs Insecure (DSA-1571))
Next by thread: Bug#481426: [Pkg-cups-devel] Bug#481426: marked as done (cupsys: SSL Certs Insecure (DSA-1571))
Index(es):
- Date
- Thread