On Fri, Oct 01, 2010 at 12:26:31AM +0200, Kurt Roeckx wrote: > On Wed, Sep 29, 2010 at 02:13:37PM -0700, Kyle Bader wrote: > > > Debian, being a volunteer organization, has it's upsides and > > > downsides. The downside here being without an active volunteer > > > interested in this problem, nothing has happened. > > > > > > What is needed here is someone to step up to the plate: file some bugs; > > > try to find the patches; backport and test them; etc. Bottom line, > > > a little work and communication with maintainers of the affected > > > packages would go a long way toward resolving this. > > > > That was my initial goal in initiating this conversation. I provided > > a link to the patches already: > > > > http://bazaar.launchpad.net/~ubuntu-branches/ubuntu/jaunty/openssl/jaunty-proposed/revision/34 > > I seem to have missed that part in your original mail, and was not > aware of anybody that tried to backport the changes.
So I've prepared a package based on the ubuntu patch. I also went over every commit between the 0.9.8l and 0.9.8m release and am reasonly confident this patch should work properly. The current package is available at: http://people.debian.org/~kroeckx/openssl/rfc5746/ I would welcome people testing it. Note that it might still change based on feedback from people. Kurt -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20101111184333.ga31...@roeckx.be
