[Pkg-openssl-devel] debian stable and CVE-2009-3555 (TLS Renegotiation flaw): Any recommendation to lenny openssl users?
gmx
ralfhauser at gmx.ch
Mon Nov 30 08:44:18 UTC 2009
To whom it may concern,
As per
http://lists.alioth.debian.org/pipermail/pkg-openssl-devel/2009-November/002265.html
etc. there appears to be a solution for the TLS Renegotiation
problem for "unstable".
For example with postfix, the newer openssl only appears to fix the
renegotiation problem and not to break anything else
(http://marc.info/?l=postfix-users&m=125926682723944&w=2).
Since this is a serious security issue - my questions:
1) will there be an upgrade soon for openssl?
2) or at least a branch we could update our openssl without a non apt-get
installation?
It appears that in other packages, things moved quite quickly:
http://lists.debian.org/debian-security-announce/2009/msg00257.html
Any hints would be highly appreciated.
Many thanks in advance
Ralf