Moritz Muehlenhoff <[email protected]> writes: > Package: stunnel4 > Severity: grave > Tags: security > Justification: user security hole > > Hi, > please see http://article.gmane.org/gmane.comp.security.oss.general/12283
According to that post: Mitigations implemented into openssl-0.9.8j (2009) makes the vulnerability not exploitable in stock openssl. The signing code for ECDSA and DSA explicitly seeds the pool with the digest to sign. Squeeze is at openssl 0.9.8o-4squeeze14, I presume that this would have this fix? micah -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]

