On Thu, Feb 20, 2003 at 06:17:19PM +0100, Harald Skoglund wrote: > Are there packages under way for this [ > http://www.openssl.org/news/secadv_20030219.txt ] advisory or is the > openssl version in debian not vulnerable?
I imagine there will be an advisory, but I wouldn't lose any sleep over it in the meantime. If you read the details of the bug, you'll find that the exploit scenario is a bit on the theoretical side. -- - mdz
