[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: CVE-2009-3555 not addressed in OpenSSL



On Thursday 11 November 2010, Kurt Roeckx wrote:
> So I've prepared a package based on the ubuntu patch.  I also went
> over every commit between the 0.9.8l and 0.9.8m release and am
> reasonly confident this patch should work properly.
> 
> The current package is available at:
> http://people.debian.org/~kroeckx/openssl/rfc5746/
> 
> I would welcome people testing it.  Note that it might still
> change based on feedback from people.

It seems at least tor needs some patching to work with the updated 
openssl. [1]

Peter, can you test that and prepare/test an updated package for Lenny 
if necessary, please? Thanks in advance.

[1] http://archives.seul.org/or/cvs/Apr-2010/msg00214.html


Reply to: