Question regarding openssl update (dsa-288-1)
I am curious what applications it are that might break with this update
(stunnel sounds like one of them). Here's the section of the advisory that
has me concerned:
You will have to decide whether you want the security update which is not
thread-safe and recompile all applications that apparently fail after the
upgrade, or fetch the additional source packages at the end of this
advisory, recompile it and use a thread-safe OpenSSL library again, but
also recompile all applications that make use of it (such as apache-ssl,
mod_ssl, ssh etc.).
My main concerns are ssh and libapache-mod-ssl. will they break with this
update ... they don't appear to have broken but maybe I'm missing something?
Is there a list available of programs that are expected to break?
Full advisory at http://www.debian.org/security/2003/dsa-288
Fraser Campbell <email@example.com> http://www.wehave.net/
Brampton, Ontario, Canada Debian GNU/Linux