found 645805 0.9.8o-4 thanks On Tue, Oct 18, 2011 at 08:24:30PM +0200, Florian Weimer wrote: > Package: libssl0.9.8 > Version: 0.9.8o-4squeeze3 > > It seems that there's a remotely triggerable OPENSSL_assert() in the > DTLS code: > > | The reception of incomplete or incorrectly formatted DTLS fragments > | is handled with an OPENSSL_assert(), causing the program to exit > | rather then just terminating the connection. This patch exchanges > | the asserts with unexpected message and illegal parameter alerts. > > <http://rt.openssl.org/Ticket/Display.html?id=2625&user=guest&pass=guest> > > I don't know how functional the DTLS code in squeeze is, perhaps it's > necessary to fix this there, too.
I'm pretty sure we have people using DTLS in squeeze. I currently don't have time to deal with this. Kurt -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
