[Pkg-openssl-devel] Bug#539899: Bug#539899: CVE-2009-2409: spoof certificates by using MD2 design flaws
Giuseppe Iuculano
giuseppe at iuculano.it
Wed Aug 5 13:33:23 UTC 2009
Kurt Roeckx ha scritto:
> Looking at security-tracker, it seem this is also tracked as
> CVE-2009-2408?
#539449 refers to CVE-2009-2408, fixed in the tracker, thanks.
> Please also add openssl097 to the list of affected packages.
Added, thanks.
> Should I prepare packages for stable and oldstable to fix
> this?
Waiting an answer from security team, probably CVE-2009-2409 is not important
enough to get it fixed via regular security update and does not warrant a DSA.
I'm not sure if openssl is affected by CVE-2009-2408, and your answer in #539449
confirms that.
Cheers,
Giuseppe.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-openssl-devel/attachments/20090805/6c6cad03/attachment.pgp>
More information about the Pkg-openssl-devel
mailing list