Bug#606058: Stable?
Salvatore Bonaccorso
carnil at debian.org
Thu Dec 9 22:00:53 UTC 2010
Hi Dominic
On Thu, Dec 09, 2010 at 05:15:41PM +0000, Dominic Hargreaves wrote:
> Has anyone checked to see whether this security issue applies to stable?
Not yet checked, at least me, so far I have done only first unstable,
now t-p-u upload. I add Moritz, in case he already did?
In lenny we have:
---(snip)---------------------------------------------------------------
my $verify_mode = $arg_hash->{SSL_verify_mode};
unless ($verify_mode == Net::SSLeay::VERIFY_NONE()) {
Net::SSLeay::CTX_load_verify_locations(
$ctx, $arg_hash->{SSL_ca_file},$arg_hash->{SSL_ca_path}
) || return IO::Socket::SSL->error("Invalid certificate authority locations");
}
------------------------------------------------------------------------
So here we do not change the verify_mode. So IMHO lenny should be ok,
right?
Bests
Salvatore
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 835 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-perl-maintainers/attachments/20101209/592e634f/attachment-0001.pgp>
More information about the pkg-perl-maintainers
mailing list