Quoting [EMAIL PROTECTED] (Martin Schulze):
> --------------------------------------------------------------------------
> Debian Security Advisory DSA 881-1                      [EMAIL PROTECTED]
> http://www.debian.org/security/                            Martin Schulze
> November 4th, 2005                     http://www.debian.org/security/faq
> --------------------------------------------------------------------------
>
> Package        : openssl096
> Vulnerability  : cryptographic weakness
> Problem type   : remote
> Debian-specific: no
> CVE ID         : CVE-2005-2969
>
> Yutaka Oiwa discovered a vulnerability in the Open Secure Socket Layer
> (OpenSSL) library that can allow an attacker to perform active
> protocol-version rollback attacks that could lead to the use of the
> weaker SSL 2.0 protocol even though both ends support SSL 3.0 or TLS
> 1.0.
>
> The following matrix explains which version in which distribution has
> this problem corrected.
>
>                 oldstable (woody)    stable (sarge)    unstable (sid)
> openssl         0.9.6c-2.woody.8     0.9.7e-3sarge1    0.9.8-3
> openssl 094     0.9.4-6.woody.4      n/a               n/a
> openssl 095     0.9.5a-6.woody.6     n/a               n/a
> openssl 096     n/a                  0.9.6m-1sarge1    n/a
> openssl 097     n/a                  n/a               0.9.7g-5
>
> We recommend that you upgrade your libssl packages.

With an upgrade like this, don't all the packages that link with OpenSSL need to be re-packaged?

-- 
Ortega nuclear FSF Qaddafi congress subway president jihad Mossad terrorist Ft. Bragg Ft. Meade arrangements spy DES
[See http://www.aclu.org/echelonwatch/index.html for more about this]
[Or http://www.europarl.eu.int/tempcom/echelon/pdf/rapport_echelon_en.pdf]
If neither of these works, try http://www.aclu.org and search for echelon.