[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Question regarding openssl update (dsa-288-1)


I am curious what applications it are that might break with this update 
(stunnel sounds like one of them).  Here's the section of the advisory that 
has me concerned:

    You will have to decide whether you want the security update which is not
    thread-safe and recompile all applications that apparently fail after the
    upgrade, or fetch the additional source packages at the end of this
    advisory, recompile it and use a thread-safe OpenSSL library again, but
    also recompile all applications that make use of it (such as apache-ssl,
    mod_ssl, ssh etc.).

My main concerns are ssh and libapache-mod-ssl. will they break with this 
update ... they don't appear to have broken but maybe I'm missing something?  
Is there a list available of programs that are expected to break?

Full advisory at http://www.debian.org/security/2003/dsa-288

Fraser Campbell <fraser@wehave.net>                 http://www.wehave.net/
Brampton, Ontario, Canada                                 Debian GNU/Linux

Reply to: