Moritz Muehlenhoff <j...@inutil.org> writes: > Package: stunnel4 > Severity: grave > Tags: security > Justification: user security hole > > Hi, > please see http://article.gmane.org/gmane.comp.security.oss.general/12283
According to that post: Mitigations implemented into openssl-0.9.8j (2009) makes the vulnerability not exploitable in stock openssl. The signing code for ECDSA and DSA explicitly seeds the pool with the digest to sign. Squeeze is at openssl 0.9.8o-4squeeze14, I presume that this would have this fix? micah -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
