Re: DSA/DSS keys and DSA 1576-1/CVE-2008-0166.

2008-05-15 Thread Mario 'BitKoenig' Holbe
On Thu, May 15, 2008 at 10:37:37AM +1000, Andrew McGlashan wrote:
> Okay, if we updated (on stable):
> openssl_0.9.8c-4etch3_i386.deb
> libssl0.9.8_0.9.8c-4etch3_i386.deb
> Then re-generated all keys and certificates.
Then you are fine.
> Later we get these updates:
> openssh-server_1%3a4.3p2

Re: DSA/DSS keys and DSA 1576-1/CVE-2008-0166.

2008-05-14 Thread Mario 'BitKoenig' Holbe
Mario 'BitKoenig' Holbe <[EMAIL PROTECTED]> wrote:
> ssh-dss.c:ssh_dss_sign() calls openssh's DSA_do_sign() which finally
^ openssl's, of course.
regards Mario
--
The social dynamics of the net are a direct consequence of

Re: DSA/DSS keys and DSA 1576-1/CVE-2008-0166.

2008-05-14 Thread Mario 'BitKoenig' Holbe
Kurt Roeckx <[EMAIL PROTECTED]> wrote:
> So my question is, does either the ssh client or server use openssl to
> generate the random number used to sign?
Yes, they both do. ssh-dss.c:ssh_dss_sign() calls openssh's DSA_do_sign() which finally goes down to ssleay_rand_add() (via dsa_sign_setup()->B

sendmail-bin: uninstallable due to unavailable libsasl2 (>= 2.1.19.dfsg1)

2006-08-24 Thread Mario 'BitKoenig' Holbe
Package: sendmail-bin
Version: 8.13.4-3sarge2
Severity: grave
Tags: sarge, security
Hello, the just released security fix package 8.13.4-3sarge2 does not install on sarge, because it depends on libsasl2 (>= 2.1.19.dfsg1) while on sarge only libsasl2 (2.1.19-1.5sarge1) is available. Package: send