Re: CVE-2009-3555 not addressed in OpenSSL
On Thursday 11 November 2010, Kurt Roeckx wrote:
> So I've prepared a package based on the ubuntu patch. I also went
> over every commit between the 0.9.8l and 0.9.8m release and am
> reasonly confident this patch should work properly.
>
> The current package is available at:
> http://people.debian.org/~kroeckx/openssl/rfc5746/
>
> I would welcome people testing it. Note that it might still
> change based on feedback from people.
It seems at least tor needs some patching to work with the updated
openssl. [1]
Peter, can you test that and prepare/test an updated package for Lenny
if necessary, please? Thanks in advance.
[1] http://archives.seul.org/or/cvs/Apr-2010/msg00214.html
Reply to: