Are there packages under way for this [ http://www.openssl.org/news/secadv_20030219.txt ] advisory or is the openssl version in debian not vulnerable? -- Harald