On Tue, 07 Jan 2003 at 08:00:11AM -0700, Miles Beck wrote:
> Is there an updated OPENSSL package for Debian greater than OpenSSL-0.9.6c?
>
> ~/Net_SSLeay.pm-1.21$ perl Makefile.PL
> Checking for OpenSSL-0.9.6g or newer...
> You have OpenSSL-0.9.6c installed in /usr
> openssl-0.9.6d and earlier versions have security flaws, see advisory at
> www.openssl.org, upgrading to openssl-0.9.6g is recommended.
What date is on the advisory? Is it fixed by one of these Debian
changelog entries?
openssl (0.9.6c-2.woody.1) stable-security; urgency=low
* Update to asn1 fix corrects bounds checking error.
-- Michael Stone <[EMAIL PROTECTED]> Sat, 03 Aug 2002 08:08:15 -0400
openssl (0.9.6c-2.woody.0) stable-security; urgency=low
* SECURITY: patch for various overflows (upstream security patch
0.9.6d->0.9.6e)
-- Michael Stone <[EMAIL PROTECTED]> Mon, 29 Jul 2002 21:34:41 -0400
Regards,
--
Phil
PGP/GPG Key:
http://www.zionlth.org/~plhofmei/
wget -O - http://www.zionlth.org/~plhofmei/key.txt | gpg --import
--
Excuse #131: Monitor VLF leakage
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
