[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: FW: Updated OPENSSL package for Debian?

On Tue, 07 Jan 2003 at 08:00:11AM -0700, Miles Beck wrote:
> Is there an updated OPENSSL package for Debian greater than OpenSSL-0.9.6c?
> 
> ~/Net_SSLeay.pm-1.21$ perl Makefile.PL
> Checking for OpenSSL-0.9.6g or newer...
> You have OpenSSL-0.9.6c installed in /usr
> openssl-0.9.6d and earlier versions have security flaws, see advisory at
> www.openssl.org, upgrading to openssl-0.9.6g is recommended.


What date is on the advisory?  Is it fixed by one of these Debian
changelog entries?

openssl (0.9.6c-2.woody.1) stable-security; urgency=low

  * Update to asn1 fix corrects bounds checking error.

 -- Michael Stone <mstone@debian.org>  Sat, 03 Aug 2002 08:08:15 -0400

openssl (0.9.6c-2.woody.0) stable-security; urgency=low

  * SECURITY: patch for various overflows (upstream security patch
    0.9.6d->0.9.6e)

 -- Michael Stone <mstone@debian.org>  Mon, 29 Jul 2002 21:34:41 -0400



Regards,

-- 
Phil

PGP/GPG Key:
http://www.zionlth.org/~plhofmei/
wget -O - http://www.zionlth.org/~plhofmei/key.txt | gpg --import
--
Excuse #131: Monitor VLF leakage
Reply to: