Re: CVE-2009-3555 not addressed in OpenSSL

To: Marsh Ray <marsh@extendedsubset.com>
Cc: debian-security@lists.debian.org
Subject: Re: CVE-2009-3555 not addressed in OpenSSL
From: Simon Josefsson <simon@josefsson.org>
Date: Fri, 24 Sep 2010 09:45:14 +0200
Message-id: <[🔎] 87sk0z37qt.fsf@mocca.josefsson.org>
In-reply-to: <[🔎] 4C9B95A7.9080800@extendedsubset.com> (Marsh Ray's message of "Thu, 23 Sep 2010 13:00:07 -0500")
References: <[🔎] 4C9B95A7.9080800@extendedsubset.com>

Marsh Ray <marsh@extendedsubset.com> writes:

> As a long-term Debian user myself, I appeal to Debian's sense of
> enlightened self-interest and urge that RFC 5746 support be backported
> to stable.

FWIW, the latest stable GnuTLS version with RFC 5746 support is not even
in testing, so it won't be part of even the next stable.  It may be too
late for that in the release cycle though...

/Simon

Reply to:

Follow-Ups:
- Re: CVE-2009-3555 not addressed in OpenSSL
  - From: Marsh Ray <marsh@extendedsubset.com>

References:
- Re: Re: CVE-2009-3555 not addressed in OpenSSL
  - From: Marsh Ray <marsh@extendedsubset.com>

Prev by Date: Re: Re: CVE-2009-3555 not addressed in OpenSSL
Next by Date: Re: CVE-2009-3555 not addressed in OpenSSL
Previous by thread: Re: Re: CVE-2009-3555 not addressed in OpenSSL
Next by thread: Re: CVE-2009-3555 not addressed in OpenSSL
Index(es):
- Date
- Thread