Re: openssl update
On Thu, Oct 27, 2005 at 07:29:42AM -0400, Roberto C. Sanchez wrote:
> Date: Thu, 27 Oct 2005 07:29:42 -0400
> From: "Roberto C. Sanchez" <email@example.com>
> To: Alexei Chetroi <firstname.lastname@example.org>,
> Subject: Re: openssl update
> On Thu, Oct 27, 2005 at 01:36:44PM +0300, Alexei Chetroi wrote:
> > Hi,
> > Recently, there was a message in debian-security-announce, regarding
> > vulnerability in openssl package. I did 'aptitude update', but I don't
> > what is wrong? There's no openssl package in security repository.
> Read the advisory again. It only applies to an older version in Woody.
I don't quite understand this advisory. It says that package
openssl094 is affected. But there's no such package, even in oldstable.
Could it be libssl0.9.4?
Later in advisory there's a matrix:
oldstable (woody) stable (sarge) unstable (sid)
openssl 0.9.6c-2.woody.8 0.9.7e-3sarge1 0.9.8-3
openssl 094 0.9.4-6.woody.4 n/a n/a
openssl 095 0.9.5a-6.woody.6 n/a n/a
openssl 096 n/a 0.9.6m-1sarge1 n/a
openssl 097 n/a n/a 0.9.7g-5
but in sarge it is version 0.9.7e-3, not 0.9.7e-3sarge1. Whether there's
a typo in matrix, or it wasn't uploaded to the server. Could it be
Smile... Tomorrow will be worse. (c) Murphy's Law