Re: OpenSSL update for timing based attack with CBC-mode.

To: debian-security@lists.debian.org
Subject: Re: OpenSSL update for timing based attack with CBC-mode.
From: Matt Zimmerman <mdz@debian.org>
Date: Thu, 20 Feb 2003 13:30:11 -0500
Message-id: <[🔎] 20030220183011.GG32688@alcor.net>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] 20030220171719.GC15689@hekta.org>
References: <[🔎] 20030220171719.GC15689@hekta.org>

On Thu, Feb 20, 2003 at 06:17:19PM +0100, Harald Skoglund wrote:

> Are there packages under way for this [
> http://www.openssl.org/news/secadv_20030219.txt ] advisory or is the
> openssl version in debian not vulnerable? 

I imagine there will be an advisory, but I wouldn't lose any sleep over it
in the meantime.  If you read the details of the bug, you'll find that the
exploit scenario is a bit on the theoretical side.

-- 
 - mdz

Reply to:

References:
- OpenSSL update for timing based attack with CBC-mode.
  - From: Harald Skoglund <harald@hekta.org>

Prev by Date: Re: OpenSSH updates
Next by Date: Re: OpenSSH updates
Previous by thread: OpenSSL update for timing based attack with CBC-mode.
Next by thread: OpenSSH updates
Index(es):
- Date
- Thread