Hi Christoph,

* Christoph Martin <[EMAIL PROTECTED]> [2008-05-28 17:13]:
> Nico Golde wrote:
> > Package: openssl
> > Version: 0.9.8f-1
> > Severity: grave
> > Tags: security
[...]
> > | Testing using the Codenomicon TLS test suite discovered a flaw in the
> > | handling of server name extension data in OpenSSL 0.9.8f and OpenSSL
> > | 0.9.8g. If OpenSSL has been compiled using the non-default TLS server
> > | name extensions, a remote attacker could send a carefully crafted
> > | packet to a server application using OpenSSL and cause a crash.
>
> This one does not affect the current Debian version, since it is not
> compiled with the tlsext option.

Did you miss:

CONFARGS = --prefix=/usr --openssldir=/usr/lib/ssl no-idea no-mdc2 no-rc5 zlib enable-tlsext
                                                                               ^^^^^^^^^^^^
?

Cheers
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.