[Pkg-openssl-devel] openssl RSA Signature Forgery (CVE-2006-4339)
Kurt Roeckx
kurt at roeckx.be
Tue Sep 5 18:19:41 UTC 2006
Hi,

There has been an announcement of a new security problem in openssl.
The advisory is available at:
http://www.openssl.org/news/secadv_20060905.txt

It also has a link to a patch that should apply to versions 0.9.6 to
0.9.8.

We currently have the following in the main archive:

openssl    | 0.9.6c-2.woody.7 | oldstable
openssl    | 0.9.7e-3sarge1   | stable
openssl096 | 0.9.6m-1sarge1   | stable
openssl097 | 0.9.7i-1         | testing, unstable
openssl    | 0.9.8b-2         | testing, unstable

In the security archive I find:

openssl    | 0.9.6c-0.potato.6 | potato
openssl094 | 0.9.4-6.woody.4   | oldstable
openssl095 | 0.9.5a-6.woody.6  | oldstable
openssl    | 0.9.6c-2.woody.8  | oldstable
openssl    | 0.9.7e-3sarge1    | stable
openssl096 | 0.9.6m-1sarge1    | stable

(Some of those might be in non-US.)

I'm also not sure if things like openssl094 got all security fixes.

I will be uploading packages with the patch provided by upstream to
unstable soon.

Kurt