← Back to team overview

registry team mailing list archive

[Bug 675566] Re: upgrade to the latest 1.0.0a with its security fixes

 

Just to let everyone know, a security bug has been found in openssl :

(copying from here : http://marc.info/?l=openssl-
announce&m=128992699401945&w=2)

"All versions of OpenSSL supporting TLS extensions contain this
vulnerability including OpenSSL 0.9.8f through 0.9.8o, 1.0.0, 1.0.0a
releases."

This is fixed (again copying from the above): 
"Users of all OpenSSL 0.9.8 releases from 0.9.8f through 0.9.8o should update
to the OpenSSL 0.9.8p release which contains a patch to correct this issue.

Users of OpenSSL 1.0.0 and 1.0.0a should update to the OpenSSL 1.0.0b release
which contains a patch to correct this issue."

You can find more information about releases 0.9.8p and 1.0.0b here : 
http://marc.info/?l=openssl-announce&r=1&b=201011&w=2

So i believe this report should be updated to reflect the above and
request openssl 1.0.0b to be included in the latest ubuntu repository
(and maybe consider updating the other related openssl reports in
launchpad concerning 0.9.8 versions)

-- 
upgrade to the latest 1.0.0a with its security fixes
https://bugs.launchpad.net/bugs/675566
You received this bug notification because you are a member of Registry
Administrators, which is the registrant for Debian.