Bug#606058: Stable?
Dominic Hargreaves
dom at earth.li
Sun Dec 19 12:40:17 UTC 2010
On Thu, Dec 09, 2010 at 11:00:53PM +0100, Salvatore Bonaccorso wrote:
> Hi Dominic
>
> On Thu, Dec 09, 2010 at 05:15:41PM +0000, Dominic Hargreaves wrote:
> > Has anyone checked to see whether this security issue applies to stable?
>
> Not yet checked, at least me, so far I have done only first unstable,
> now t-p-u upload. I add Moritz, in case he already did?
>
> In lenny we have:
>
> ---(snip)---------------------------------------------------------------
> my $verify_mode = $arg_hash->{SSL_verify_mode};
> unless ($verify_mode == Net::SSLeay::VERIFY_NONE()) {
> Net::SSLeay::CTX_load_verify_locations(
> $ctx, $arg_hash->{SSL_ca_file},$arg_hash->{SSL_ca_path}
> ) || return IO::Socket::SSL->error("Invalid certificate authority locations");
> }
> ------------------------------------------------------------------------
>
> So here we do not change the verify_mode. So IMHO lenny should be ok,
> right?
I'm not familiar with the details of the problem, but this sounds
plausible. Thanks for checking.
--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)
More information about the pkg-perl-maintainers
mailing list