
Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Florian Weimer said:
> The first vulnerable version, 0.9.8c-1, was uploaded to the unstable
> distribution on 2006-09-17, and has since propagated to the testing and
> current stable (etch) distributions.  The old stable distribution
> (sarge) is not affected.

The information about sarge is not consistent with
http://security-tracker.debian.net/tracker/CVE-2008-0166:

Source Package Release                 Version         Status
openssl (PTS)  sarge, sarge (security) 0.9.7e-3sarge5  vulnerable
               etch                    0.9.8c-4etch1   vulnerable
               etch (security)         0.9.8c-4etch3   fixed
               lenny, sid              0.9.8g-10       fixed

Who's right here?

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFIKaRiBi3LpOkEzmoRAmnRAJ9aufBTNW+4lsY7W3QI3AE/lnJmhQCeMNrt
9hO+vDycKey8spJCPHN56Ng=
=3Hdv
-----END PGP SIGNATURE-----

