On Wed, Dec 28, 2005 at 10:57:42AM +0100, Javier Fernández-Sanguino Peña wrote: > severity 343487 grave > tags 343487 pending confirmed sid etch > reassign 343487 nessus > thanks > > I downgraded the nessus client version to 2.2.5-2 (which is *not* compiled > against both 0.9.7 and 0.9.8 SSL libraries) and it worked fine. > > The issue should be fixed by recompiling the client against a set of the > libraries, and should affect only the 2.2.5-3 version under i386. Notice, > also that the package has an undeclared dependency on libssl0.9.7 (the binary > is linked against that one). > > I will try to rebuild it in a clean environment and see if I can get rid of > the libssl0.9.7 dependencies that way. Other nessus-related packages (libnasl > and nessus-plugins) might need to be recompiled too.
After seeing Javier's message on the nessus mailing list (http://mail.nessus.org/pipermail/nessus/2005-December/msg00244.html, which points to #338006, which is a bug in openssl 0.9.8), I tried rebuilding nessus and nessusd in a clean sid chroot with only openssl 0.9.7 installed, as Javier suggested doing. Because of Hadmut's message in this bug, I rebuild libnasl as well. The resulting packages naturally only depend on libssl0.9.7, and seem to work fine. This might be a workaround. The re-built packages for sid are available on http://zg.debian.zugschlus.de/zg/pool/main/libnasl and http://zg.debian.zugschlus.de/zg/pool/main/nessus-core Greetings Marc -- ----------------------------------------------------------------------------- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
