[Pkg-openssl-devel] Re: openssl RSA Signature Forgery
(CVE-2006-4339)
Noah Meyerhans
noahm at debian.org
Tue Sep 5 19:07:03 UTC 2006
On Tue, Sep 05, 2006 at 08:19:41PM +0200, Kurt Roeckx wrote:
> We currently have the following in the main archive:
> openssl | 0.9.6c-2.woody.7 | oldstable
> openssl | 0.9.7e-3sarge1 | stable
> openssl096 | 0.9.6m-1sarge1 | stable
> openssl097 | 0.9.7i-1 | testing, unstable
> openssl | 0.9.8b-2 | testing, unstable
>
> In the security archive I find:
> openssl | 0.9.6c-0.potato.6 | potato
> openssl094 | 0.9.4-6.woody.4 | oldstable
> openssl095 | 0.9.5a-6.woody.6 | oldstable
> openssl | 0.9.6c-2.woody.8 | oldstable
> openssl | 0.9.7e-3sarge1 | stable
> openssl096 | 0.9.6m-1sarge1 | stable
>
> (Some of those might be in non-US.)
>
> I'm also not sure if things like openssl094 got all security fixes.
We no longer support woody, so openssl094 should not be an issue.
> I will be uploading packages with the patch provided by upstream to
> unstable soon.
What version string will you be using for your unstable uploads? We
like to mention this in the DSAs when possible.
noah
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-openssl-devel/attachments/20060905/894e2d96/attachment.pgp
More information about the Pkg-openssl-devel
mailing list