Package: openssl
Version: 0.9.8g-15+lenny8
Severity: normal

According to http://www.openssl.org/news/secadv_20101116.txt openssl 0.9.8g (in lenny) and 0.9.8o (in squeeze and sid) are vulnerable to CVE-2010-3864.
The link indicates that 0.9.8p fixes this issue, and also includes patches for fixing the problem in any other 0.9.8 version. Still according to the link, this vulnerability "can be exploited in a buffer overrun attack".

Best regards,

-- System Information:
Debian Release: 5.0.6
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-bpo.5-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages openssl depends on:
ii  libc6            2.11.2-6            Embedded GNU C Library: Shared lib
ii  libssl0.9.8      0.9.8n-1            SSL shared libraries
ii  zlib1g           1:1.2.3.3.dfsg-12   compression library - runtime

openssl recommends no packages.

Versions of packages openssl suggests:
ii  ca-certificates  20080809            Common CA certificates

-- no debconf information