[Pkg-openssl-devel] Re: openssl RSA Signature Forgery (CVE-2006-4339)

Kurt Roeckx kurt at roeckx.be
Tue Sep 5 19:41:40 UTC 2006


On Tue, Sep 05, 2006 at 03:07:03PM -0400, Noah Meyerhans wrote:
> > I will be uploading packages with the patch provided by upstream to
> > unstable soon.

The libssl postinst has a script to detect packages that are known to
use libssl and have a daemon, so they can be restarted.  I've activated
the script for upgrades to 0.9.8b-3.  Afaik, this will fail with the
0.9.7 (and older) versions because the script was broken.

I suggest you just put in your advisory that some daemons need to be
restarted.


Kurt

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-openssl-devel/attachments/20060905/4738666a/attachment.pgp


More information about the Pkg-openssl-devel mailing list