Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
Florian Weimer said:
> The first vulnerable version, 0.9.8c-1, was uploaded to the unstable
> distribution on 2006-09-17, and has since propagated to the testing and
> current stable (etch) distributions. The old stable distribution
> (sarge) is not affected.
The information about sarge is not consistent with
http://security-tracker.debian.net/tracker/CVE-2008-0166:
Source Package   Release                   Version          Status
openssl (PTS)    sarge, sarge (security)   0.9.7e-3sarge5   vulnerable
                 etch                      0.9.8c-4etch1    vulnerable
                 etch (security)           0.9.8c-4etch3    fixed
                 lenny, sid                0.9.8g-10        fixed
Who's right here?