Please test the openssl packages from http://people.debian.org/~kroeckx/openssl and report success/failure briefly to jmm@debian.org. This update deprecates MD-2 (CVE-2009-2409) and we'd like to hear about affected certificates used in the wild (results from testing/unstable are fairly limited so far). Cheers, Moritz