
openssl-0.9.6c-2.woody.0 not vulnerable, right?



i just want to check on something here.  when i first upgraded to
woody, i read <http://www.debian.org/security/2002/dsa-136>.  this
advisory seems to indicate that the 0.9.6c version of openssl that is
in woody has been patched to eliminate the widely-discussed
vulnerability in openssl versions before 0.9.6e.  in other words, i
believe that even though the base version of the openssl code that was
used to build this package is vulnerable, the code was patched before
the package was built.

the cert advisory released today
(<http://www.cert.org/advisories/CA-2002-27.html>) appears to describe
a worm which exploits this vulnerability, and i'd just like to make
sure that the assumptions i'm making are correct.  thanks!

-alan


