On Thu, May 15, 2008 at 02:16:25AM +0200, Michael Schmitz wrote:
>>> Well, those machines that were installed before etch, should be safe. Can
>>> anyone confirm this?
>>
>> Only if you have an RSA key. DSA (as in, Digital Signature Algorithm)
>> keys should be considered compromised, too, since they use the OpenSSL
>> randomizer, which is buggy.
>
> q650 has libssl0.9.7 0.9.7e-3sarge1 - the advisory said the bug was 
> introduced with 0.9.8c. So it would seem sarge installs are in the clear. 
> Can we confirm that in some way?

Ah, yes, that's true.

> Can we backport the fixes to sarge if necessary?

It isn't.

-- 
<Lo-lan-do> Home is where you have to wash the dishes.
  -- #debian-devel, Freenode, 2004-09-22

