Bug#606058: Stable?

Sun Dec 19 12:40:17 UTC 2010

On Thu, Dec 09, 2010 at 11:00:53PM +0100, Salvatore Bonaccorso wrote:
> Hi Dominic
> 
> On Thu, Dec 09, 2010 at 05:15:41PM +0000, Dominic Hargreaves wrote:
> > Has anyone checked to see whether this security issue applies to stable?
> 
> Not yet checked, at least me, so far I have done only first unstable,
> now t-p-u upload. I add Moritz, in case he already did?
> 
> In lenny we have:
> 
> ---(snip)---------------------------------------------------------------
>     my $verify_mode = $arg_hash->{SSL_verify_mode};
>     unless ($verify_mode == Net::SSLeay::VERIFY_NONE()) {
>         Net::SSLeay::CTX_load_verify_locations(
>             $ctx, $arg_hash->{SSL_ca_file},$arg_hash->{SSL_ca_path}
>         ) || return IO::Socket::SSL->error("Invalid certificate authority locations");                               
>     }
> ------------------------------------------------------------------------
> 
> So here we do not change the verify_mode. So IMHO lenny should be ok,
> right?

I'm not familiar with the details of the problem, but this sounds
plausible. Thanks for checking.

-- 
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)