On Sat, Sep 14, 2002 at 07:46:03PM +0200, Guille -bisho- wrote:
> I have seen two Debian machines exploited with the -d version of
> openssl, denoted by the files:
> /tmp/.bugtraq.c /tmp/.uubugtraq

That's not surprising. OpenSSL 0.9.6d is vulnerable. However, in
woody we have 0.9.6c-2.woody.0, whose most recent changelog entry is:

openssl (0.9.6c-2.woody.0) stable-security; urgency=low

  * SECURITY: patch for various overflows (upstream security patch
    0.9.6d->0.9.6e)

 -- Michael Stone <mstone@debian.org>  Mon, 29 Jul 2002 21:34:41 -0400

So if you were running the 0.9.6d on your Debian box, it's probably
because you are running testing (since 'd' was never part of woody),
which we all know is a bad idea if you want to keep it secure.

noah

-- 
 _______________________________________________________
| Web: http://web.morgul.net/~frodo/
| PGP Public Key: http://web.morgul.net/~frodo/mail.html