[Pkg-openssl-devel] [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator

Christoph Martin martin at uni-mainz.de
Mon May 19 11:13:46 UTC 2008


The Ubuntu openssl maintainers released a openssl-blacklist equivalent
to the openssh-blacklist package. It includes a blacklist with
compromised openssl key hashes and a program with a openssl-vulnkey
program suitable to test your openssl key files.

I think it would be a good think to coordinate the work between debian
and ubuntu and to incorporate this package into debian main.

I am not shure how to include this into a security update and how to
make the users check all there keys. It would be nice to have at least a
warning from libssl if a compromised key is used. The securest way would
be to disable the keys like openssh.

What do you think?

Christoph

-- 
============================================================================
Christoph Martin, Leiter der EDV der Verwaltung, Uni-Mainz, Germany
 Internet-Mail:  Christoph.Martin at Verwaltung.Uni-Mainz.DE
  Telefon: +49-6131-3926337
      Fax: +49-6131-3922856

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-openssl-devel/attachments/20080519/fe196929/attachment.pgp 


More information about the Pkg-openssl-devel mailing list