On Thu, May 15, 2008 at 02:16:25AM +0200, Michael Schmitz wrote:
>>> Well, those machines that were installed before etch, should be safe. Can
>>> anyone confirm this?
>>
>> Only if you have an RSA key. DSA (as in, Digital Signature Algorithm)
>> keys should be considered compromised, too, since they use the OpenSSL
>> randomizer, which is buggy.
>
> q650 has libssl0.9.7 0.9.7e-3sarge1 - the advisory said the bug was
> introduced with 0.9.8c. So it would seem sarge installs are in the clear.
> Can we confirm that in some way? Can we backport the fixes to sarge if
> necessary?

Everything I've read says that sarge is in the clear.

--
Stephen R. Marenka     If life's not fun, you're not doing it right!
<[EMAIL PROTECTED]>