Re: key rollover for MIT Kerberos

Moritz Muehlenhoff wrote:
> MIT Kerberos (krb5)
> No part of MIT Kerberos in Debian Etch uses OpenSSL. In Lenny the separate binary
> package krb5-pkinit uses OpenSSL. Instructions on key exchanges for PKINIT operation
> will be added soon.

Added, as well as xrdp and gforge. 

Added Thijs's note about iceweasel to a new notvuln page. It would be
good to get something about gnupg on there. How does this strike the
security team?

<h1><a name="gnupg">GnuPG</a></h1>

GnuPG does not use OpenSSL, so gpg keys are not impacted by the
vulnerability. However, keys that were stored on systems that could be
attacked by using weak SSH keys, or other means, could be indirectly
exposed, and gpg passphrases sent over ssh connections using weak SSH
keys could be potentially exposed.

Note: I'm keeping the list sorted, but with openssh at the top, since
that's the issue that will affect most people.

see shy jo
