[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: openssl update

On Thu, Oct 27, 2005 at 07:29:42AM -0400, Roberto C. Sanchez wrote:
> Date: Thu, 27 Oct 2005 07:29:42 -0400
> From: "Roberto C. Sanchez" <roberto@familiasanchez.net>
> To: Alexei Chetroi <debian@lexa.uniflux-line.net>,
> 	debian-user@lists.debian.org
> Subject: Re: openssl update
> On Thu, Oct 27, 2005 at 01:36:44PM +0300, Alexei Chetroi wrote:
> >   Hi,
> > 
> >   Recently, there was a message in debian-security-announce, regarding
> > vulnerability in openssl package. I did 'aptitude update', but I don't
> > what is wrong? There's no openssl package in security repository.
> > 
> Read the advisory again.  It only applies to an older version in Woody.

  I don't quite understand this advisory. It says that package
openssl094 is affected. But there's no such package, even in oldstable.
Could it be libssl0.9.4?
  Later in advisory there's a matrix:

                oldstable (woody)      stable (sarge)     unstable (sid)
openssl          0.9.6c-2.woody.8       0.9.7e-3sarge1      0.9.8-3
openssl 094      0.9.4-6.woody.4             n/a              n/a
openssl 095      0.9.5a-6.woody.6            n/a              n/a
openssl 096           n/a               0.9.6m-1sarge1        n/a
openssl 097           n/a                    n/a            0.9.7g-5

but in sarge it is version 0.9.7e-3, not 0.9.7e-3sarge1. Whether there's
a typo in matrix, or it wasn't uploaded to the server. Could it be

  Best wishes

Alexei Chetroi

Smile... Tomorrow will be worse. (c) Murphy's Law

Reply to: