[Pkg-openssl-devel] Bug#747453: Arbitrary key size limitations causing hard-to-diagnose problems when establishing a connection

Wilfried Klaebe w+reportbug at chaos.in-kiel.de
Fri May 9 01:32:25 UTC 2014


Kurt Roeckx wrote:
> I don't see how the severity of this is critical.

The severity level "critical" is defined as: "makes unrelated software
on the system (or the whole system) break, or causes serious data loss,
or introduces a security hole on systems where you install the package."
<https://www.debian.org/Bugs/Developer>

This bug makes unrelated software on the system break (e.g. ejabberd, no
communication was possible until _both_ sides had the supplied patch
applied), and also could introduce security holes, as clients might fall
back to unencrypted communication.


