Moritz Muehlenhoff wrote:
> MIT Kerberos (krb5)
>
> No part of MIT Kerberos in Debian Etch uses OpenSSL. In Lenny the separate binary
> package krb5-pkinit uses OpenSSL. Instructions on key exchanges for PKINIT operation
> will be added soon.

Added, as well as xrdp and gforge.

Added Thijs's note about iceweasel to a new notvuln page. It would be good to get something about gnupg on there. How does this strike the security team?

<h1><a name="gnupg">GnuPG</a></h1>
<p>
GnuPG does not use OpenSSL, so gpg keys are not impacted by the vulnerability. However, keys that were stored on systems that could be attacked by using weak SSH keys, or other means, could be indirectly exposed, and gpg passphrases sent over ssh connections using weak SSH keys could be potentially exposed.
</p>

Note: I'm keeping the list sorted, but with openssh at the top, since that's the issue that will affect most people.

--
see shy jo