Re: openssl-0.9.6c-2.woody.0 not vulnerable, right?

To: debian-user@lists.debian.org
Subject: Re: openssl-0.9.6c-2.woody.0 not vulnerable, right?
From: "Eric G. Miller" <egm2@jps.net>
Date: Sat, 14 Sep 2002 15:17:54 -0700
Message-id: <[🔎] 20020914221754.GA3446@calico.local>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] E17qJGV-0000iW-00@alpine>
References: <[🔎] E17qJGV-0000iW-00@alpine>

On Sat, Sep 14, 2002 at 01:11:34PM -0700, Alan Su wrote:
> i just want to check on something here.  when i first upgraded to
> woody, i read <http://www.debian.org/security/2002/dsa-136>.  this
> advisory seems to indicate that the 0.9.6c version of openssl that is
> in woody has been patched to eliminate the widely-discussed
> vulnerability in openssl versions before 0.9.6e.  in other words, i
> believe that even though the base version of the openssl code that was
> used to build this package is vulnerable, the code was patched before
> the package was built.

The answer for your system(s) probably can be found in
/usr/share/doc/openssl/changelog.Debian.gz

I show it fixed 30 Jul 2002 for 0.9.6e-1, but I'm using unstable. It's
not unusually for Debian to back port security fixes (actually it's
SOP, AFAIK).

-- 
begin 664 .signature
M<F5L;&E-("Y'(&-I<D4@/G1E;BYS<&I`,FUG93P)"`@("`@("`@("`@("`@(
M"`@("`@("`@("`@("`@("`A%<FEC($<N($UI;&QE<B`\96=M,D!J<',N;F5T
"/@H`
`
end

Reply to:

Follow-Ups:
- Re: openssl-0.9.6c-2.woody.0 not vulnerable, right?
  - From: Oleg <oleg@tw304h3.cpmc.columbia.edu>

References:
- openssl-0.9.6c-2.woody.0 not vulnerable, right?
  - From: "Alan Su" <alsu@cs.ucsd.edu>

Prev by Date: Re: openssl-0.9.6c-2.woody.0 not vulnerable, right?
Next by Date: Re: openssl-0.9.6c-2.woody.0 not vulnerable, right?
Previous by thread: Re: openssl-0.9.6c-2.woody.0 not vulnerable, right?
Next by thread: Re: openssl-0.9.6c-2.woody.0 not vulnerable, right?
Index(es):
- Date
- Thread