Re: FW: Updated OPENSSL package for Debian?

To: DebianSecurity <debian-security@lists.debian.org>
Subject: Re: FW: Updated OPENSSL package for Debian?
From: "Noah L. Meyerhans" <noahm@debian.org>
Date: Tue, 7 Jan 2003 10:58:24 -0500
Message-id: <[🔎] 20030107155824.GJ25227@morgul.net>
Mail-followup-to: "Noah L. Meyerhans" <noahm@debian.org>, DebianSecurity <debian-security@lists.debian.org>
In-reply-to: <[🔎] CMECKBENAMPLFPLDFEAOCEFICFAA.mbeck@taylorthomas.com>
References: <[🔎] CMECKBENAMPLFPLDFEAOCEFICFAA.mbeck@taylorthomas.com>

On Tue, Jan 07, 2003 at 08:00:11AM -0700, Miles Beck wrote:
> Is there an updated OPENSSL package for Debian greater than OpenSSL-0.9.6c?

Yes, 0.9.6c-2.woody.1.  It contains all the security fixes present in
openssl-0.9.6g.

> ~/Net_SSLeay.pm-1.21$ perl Makefile.PL
> Checking for OpenSSL-0.9.6g or newer...
> You have OpenSSL-0.9.6c installed in /usr
> openssl-0.9.6d and earlier versions have security flaws, see advisory at
> www.openssl.org, upgrading to openssl-0.9.6g is recommended.

This perl module is being stupid.  It is merely checking the version
string and basing its idea of the security of openssl on that.  The
security problems it thinks are present are not, in fact, present.

noah

-- 
 _______________________________________________________
| Web: http://web.morgul.net/~frodo/
| PGP Public Key: http://web.morgul.net/~frodo/mail.html

Attachment: pgpgZINIzAo8a.pgp
Description: PGP signature

Reply to:

Follow-Ups:
- libldap DSA-227-1 and proftpd-ldap problems?
  - From: Guenther Starnberger <gst@atnet.at>

References:
- FW: Updated OPENSSL package for Debian?
  - From: "Miles Beck" <mbeck@taylorthomas.com>

Prev by Date: ssh and lastlog
Next by Date: Re: [SECURITY] [DSA 222-1] New xpdf packages fix arbitrary command execution
Previous by thread: FW: Updated OPENSSL package for Debian?
Next by thread: libldap DSA-227-1 and proftpd-ldap problems?
Index(es):
- Date
- Thread