Bug#823180: getting openssl error when trying to enroll my browser

2016-05-01 Thread Michael Stapelberg
Package: sso.debian.org Severity: normal I’m logged into sso.debian.org using my password and I’m on https://sso.debian.org/spkac/enroll/. When clicking “Get certificate” (not changing any of the form fields), the resulting page contains a red message stating “/usr/bin/openssl failed”. Is this

Re: openssl version

2012-01-26 Thread Thijs Kinkhorst
tp://packages.debian.org/squeeze/openssl is > 0.9.8o-4squeeze5 and it was issued for the previous bug. 0.9.8o-4squeeze7 is the correct package version to fix those problems, and the security archive contains those packages. If you update through APT you will get the corrected packages. It

Re: Broken links - OpenSSL package

2009-04-09 Thread Frans Pop
Mike Ash wrote: > There are a few broken links on the OpenSSL package page (in the > "Links for openssl" section) for both etch and lenny. Specifically > the changelog and copyright pages. Patch tracking isn't reporting any > packages relating to openssl either. I wo

Broken links - OpenSSL package

2009-04-09 Thread Mike Ash
There are a few broken links on the OpenSSL package page (in the "Links for openssl" section) for both etch and lenny. Specifically the changelog and copyright pages. Patch tracking isn't reporting any packages relating to openssl either. http://packages.debian.org/et

Re: key rollover: Generic OpenSSL PEM instructions

2008-05-17 Thread Jens Seidel
On Sun, May 18, 2008 at 05:32:23AM +0900, Yukio Shiiya wrote: > I found a typo on the following page. > http://www.debian.org/security/key-rollover/index.en.html#openssl > > s/OpenSLL/OpenSSL/ > > Could you correct it? I found it independently from you and fixed it alre

Re: key rollover: Generic OpenSSL PEM instructions

2008-05-17 Thread Matt Kraai
On Sun, May 18, 2008 at 05:32:23AM +0900, Yukio Shiiya wrote: > I found a typo on the following page. > http://www.debian.org/security/key-rollover/index.en.html#openssl > > s/OpenSLL/OpenSSL/ > > Could you correct it? Thanks for pointing this out. It appears that Jens S

Re: key rollover: Generic OpenSSL PEM instructions

2008-05-17 Thread Yukio Shiiya
t; see shy jo I found a typo on the following page. http://www.debian.org/security/key-rollover/index.en.html#openssl s/OpenSLL/OpenSSL/ Could you correct it? Thanks, -- Yukio Shiiya -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: key rollover: Generic OpenSSL PEM instructions

2008-05-16 Thread Joey Hess
Moritz Muehlenhoff wrote: > please add this to the top next to OpenSSH, since it can be referenced > by the instructions for several other packages. mmmkay. -- see shy jo signature.asc Description: Digital signature

key rollover: Generic OpenSSL PEM instructions

2008-05-16 Thread Moritz Muehlenhoff
Hi, please add this to the top next to OpenSSH, since it can be referenced by the instructions for several other packages. OpenSSL: Generic PEM key generation instructions This is just a reminder for those who (re-)generate PEM encoded

Re: Fwd: Implications of Debian OpenSSL flaw for MIT PKINIT

2008-05-16 Thread Russ Allbery
5.0 -0700 +++ rollover.html 2008-05-16 15:07:11.0 -0700 @@ -261,27 +261,36 @@ in Debian 4.0 is not affected at all. -In Lenny the separate binary package krb5-pkinit uses OpenSSL. - - -MIT Kerberos itself does not generate long-term key pairs even when the -PKINIT plugi

Re: Fwd: Implications of Debian OpenSSL flaw for MIT PKINIT

2008-05-16 Thread Joey Hess
Russ Allbery wrote: > Here is the confirmation and analysis from upstream, forwarded with > permission. Another person (not publicly, so I won't mention his name > just in case he didn't wish to be mentioned) also pointed out that since > you can break the encryption used to protect the TGT, you c

Fwd: Implications of Debian OpenSSL flaw for MIT PKINIT

2008-05-16 Thread Russ Allbery
Here is the confirmation and analysis from upstream, forwarded with permission. Another person (not publicly, so I won't mention his name just in case he didn't wish to be mentioned) also pointed out that since you can break the encryption used to protect the TGT, you can also then use that Kerber

Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator

2008-05-14 Thread Rene Mayrhofer
Dear Thijs, On Mittwoch, 14. Mai 2008, Thijs Kinkhorst wrote: > > I also don't think it's > > reasonable for all packages that somehow use(d) openssl to create keys to > > do their own security fix as openssh-server did (for openssh, I think > > that's a go

Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator

2008-05-14 Thread Thijs Kinkhorst
On Wednesday 14 May 2008 12:50, Rene Mayrhofer wrote: > What's the current status concerning an automated "fixer" package that > would do all the work of re-created the keys like the openssh-server > package currently does? I don't think it's reasonable to just

Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator

2008-05-14 Thread Rene Mayrhofer
judgment in making that page. What's the current status concerning an automated "fixer" package that would do all the work of re-created the keys like the openssh-server package currently does? I don't think it's reasonable to just distribute the fixed openssl and say (only i

Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator

2008-05-14 Thread Thijs Kinkhorst
On Wednesday 14 May 2008 11:16, Gerfried Fuchs wrote: >  I've asked several times on #debian-security about what to add to > there, a question to [EMAIL PROTECTED] got unanswered so far, too. I would > be fine to add any informations, I just don't like linking to a wiki > page[1] for security relat

Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator

2008-05-14 Thread Gerfried Fuchs
Am Mittwoch, den 14.05.2008, 09:35 +0200 schrieb Rene Mayrhofer: > rm /etc/ssh/ssh_host_* > dpkg-reconfigure openssh-server > /etc/init.d/ssh restart FWIW, the dpkg-reconfigure openssh-server does the restart implicitly, you don't need to explicitly do a restart afterwards, again. > Who is curre

Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator

2008-05-14 Thread Rene Mayrhofer
On Dienstag, 13. Mai 2008, Vincent Bernat wrote: > - As a maintainer of a package that have generated certificates using >OpenSSL, how should we handle the issue? I'm in the same situation (maintaining openswan and strongswan, and both packages may automatically create X.509 c

Re: Broken link on Debian CVE Web page (Was: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator

2008-05-13 Thread Gerfried Fuchs
Am Dienstag, den 13.05.2008, 15:51 +0200 schrieb Stephane Bortzmeyer: > On Tue, May 13, 2008 at 03:44:24PM +0200, > > > packages," and this link is broken: there is no > > > security-tracker.debian.org. > > > > Just in case you don't know about it yet, try .net. > > Nice and useful but the Web pa

Re: Broken link on Debian CVE Web page (Was: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator

2008-05-13 Thread Stephane Bortzmeyer
On Tue, May 13, 2008 at 03:44:24PM +0200, Cyril Brulebois <[EMAIL PROTECTED]> wrote a message of 31 lines which said: > > By the way, the page > > has a link > > http://security-tracker.debian.org/, labeled "The Debian Security > > Tracker has

Re: Broken link on Debian CVE Web page (Was: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator

2008-05-13 Thread Cyril Brulebois
On 13/05/2008, Stephane Bortzmeyer wrote: > By the way, the page > has a link > http://security-tracker.debian.org/, labeled "The Debian Security > Tracker has the canonical list of CVE names, corresponding Debian > packages," and this link is brok

Broken link on Debian CVE Web page (Was: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator

2008-05-13 Thread Stephane Bortzmeyer
On Tue, May 13, 2008 at 02:06:39PM +0200, Florian Weimer <[EMAIL PROTECTED]> wrote a message of 274 lines which said: > This is caused by an incorrect Debian-specific change to the openssl > package (CVE-2008-0166). By the way, the page <http://www.debian.org/security/cve-compa

Re: Small Typo in DSA-253 (OpenSSL)

2003-03-05 Thread Gerfried Fuchs
* Frank Lichtenheld <[EMAIL PROTECTED]> [2003-03-04 23:05]: > First paragraph, Last Sentence should be: OpenSSL has been found to > __be__ vulnerable to this attack. Fixed, thanks. Alfie -- (o)_,---ooO--00--Ooo---. _ (>)_ ,' Gerfried Fuchs `.\__/U

Small Typo in DSA-253 (OpenSSL)

2003-03-04 Thread Frank Lichtenheld
First paragraph, Last Sentence should be: OpenSSL has been found to __be__ vulnerable to this attack. Frank -- Frank Lichtenheld www: http://www.djpig.de mail: [EMAIL PROTECTED]

Re: OpenSSL

2003-03-04 Thread Francois Chenais
In fact, if we compare the frequency this error occurs and the number of mails generated by the flamed reply, the flamed reply is more OT than the French mail !! Even if we spend time to find what is the better choice to tag the subject, "the error is human !" I think the better way is

Re: OpenSSL

2003-03-04 Thread Peter Karlsson
Pierre Machard: > Problems with existing mirrors can be reported at [EMAIL PROTECTED] > [En] > With a link to a footnote explaining what [En], [Es], [Fi].. means Why a footnote? [En] (or even if we want it to work in IE) -- \\// Peter - http://www.softwolves.pp.se/ I do not read or respond

Re: OpenSSL

2003-03-04 Thread Pierre Machard
Hi On tue mar 04 2003 at 10:37 -0300, Henrique de Moraes Holschuh wrote: [...] > Now, THAT is something we can address. I propose we make it even more > clear that certain mailing lists are in English, so that people doing a > fast read of lists.d.o will notice that fact. > > Adding a [language]