Re: CVE-2009-3555 not addressed in OpenSSL

To: debian-security@lists.debian.org
Cc: Jordon Bedwell <jordon@envygeeks.com>, Kurt Roeckx <kurt@roeckx.be>, Kyle Bader <kyle.bader@gmail.com>
Subject: Re: CVE-2009-3555 not addressed in OpenSSL
From: Thijs Kinkhorst <thijs@debian.org>
Date: Sat, 13 Nov 2010 19:10:49 +0100
Message-id: <[🔎] 201011131910.53217.thijs@debian.org>
In-reply-to: <[🔎] 1289668905.4372.29.camel@envygeeks.dev>
References: <4C9B95A7.9080800@extendedsubset.com> <[🔎] 201011131815.51688.thijs@debian.org> <[🔎] 1289668905.4372.29.camel@envygeeks.dev>

On Saturday 13 November 2010 18:21:45 Jordon Bedwell wrote:
> On Sat, 2010-11-13 at 18:14 +0100, Thijs Kinkhorst wrote:
> > I have tested it in some different environments with different types of 
> > configurations and the packages work very fine for me.
> 
> Just one question, did you test the patch or did you test the build?

I'm not sure what the context of your question is, but I tested the amd64-
built packages that Kurt provided and I have built i386 packages from Kurt's 
dsc that I also tested. Testing was both for some renegotiation-specific 
scenarios as well as some regular openssl usage. Hope this answers your 
question.

Cheers,
Thijs

Attachment: signature.asc
Description: This is a digitally signed message part.

Reply to:

References:
- Re: CVE-2009-3555 not addressed in OpenSSL
  - From: Thijs Kinkhorst <thijs@debian.org>
- Re: CVE-2009-3555 not addressed in OpenSSL
  - From: Jordon Bedwell <jordon@envygeeks.com>

Prev by Date: Re: CVE-2009-3555 not addressed in OpenSSL
Next by Date: Re: [SECURITY] [DSA 2038-3] New pidgin packages fix regression
Previous by thread: Re: CVE-2009-3555 not addressed in OpenSSL
Next by thread: Re: CVE-2009-3555 not addressed in OpenSSL
Index(es):
- Date
- Thread