[Pkg-openssl-devel] debian stable and CVE-2009-3555 (TLS Renegotiation flaw): Any recommendation to lenny openssl users?

gmx ralfhauser at gmx.ch
Mon Nov 30 08:44:18 UTC 2009


To whom it may concern, 

As per
http://lists.alioth.debian.org/pipermail/pkg-openssl-devel/2009-November/002265.html
etc. there appears to be a solution for the TLS Renegotiation
problem for "unstable".

For example, with postfix, the newer openssl only appears to fix the
renegotiation problem, not to break anything else
(http://marc.info/?l=postfix-users&m=125926682723944&w=2).

Since this is a serious security issue - my questions:
1) will there be an upgrade soon for openssl?
2) or at least a branch we could update our openssl without a non apt-get
installation?

It appears that in other packages, things moved quite quickly:
http://lists.debian.org/debian-security-announce/2009/msg00257.html

Any hints would be highly appreciated.

Many thanks in advance

   Ralf



