[Pkg-openssl-devel] Bug#444435: Bug#444435: Bug#444435: openssl: [CVE-2007-5135] Off-by-one error in the SSL_get_shared_ciphers()
Kurt Roeckx
kurt at roeckx.be
Fri Sep 28 20:19:11 UTC 2007
On Fri, Sep 28, 2007 at 03:59:46PM -0400, Noah Meyerhans wrote:
> On Fri, Sep 28, 2007 at 09:53:34PM +0200, Kurt Roeckx wrote:
> >
> > I've also prepared an upload for stable-security at
> > people.debian.org/~kroeckx/openssl
>
> Thanks. Is there any chance of fixing this for oldstable?
The security team wasn't interested in doing updates for
oldstable-security before. I think the version of the
openssl source package in oldstable still has 4 or 5 security
bugs. The openssl096 has either the same or even more.
I can prepare a packages fixing all of them if you want.
There is still CVE-2007-3108 / #438142 that's present in oldstable and
stable. This is probably something nobody cares about.
I'll still do one for openssl097 in stable.
Kurt
More information about the Pkg-openssl-devel
mailing list