[Pkg-openssl-devel] Debian OpenSSL CVE-2011-5095
Kurt Roeckx
kurt at roeckx.be
Sat Jun 23 08:57:42 UTC 2012
On Sat, Jun 23, 2012 at 11:22:39AM +0300, Henri Salo wrote:
> Hello,
>
> Is Debian OpenSSL build with FIPS mode? There is vulnerability related to that feature, which has TODO-note in security tracker: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-5095
>
> I can create bug-report out of this if we do use FIPS. I am sorry, but I do not know how to check that by myself.
There is no FIPS code in Debian. I understand that there is a
test for it. Can you verify that it doesn't work against
the 0.9.8 version (in stable)?
Kurt
More information about the Pkg-openssl-devel
mailing list