On Thu, Dec 09, 2010 at 11:00:53PM +0100, Salvatore Bonaccorso wrote: > Hi Dominic > > On Thu, Dec 09, 2010 at 05:15:41PM +0000, Dominic Hargreaves wrote: > > Has anyone checked to see whether this security issue applies to stable? > > Not yet checked, at least me, so far I have done only first unstable, > now t-p-u upload. I add Moritz, in case he already did? > > In lenny we have: > > ---(snip)--------------------------------------------------------------- > my $verify_mode = $arg_hash->{SSL_verify_mode}; > unless ($verify_mode == Net::SSLeay::VERIFY_NONE()) { > Net::SSLeay::CTX_load_verify_locations( > $ctx, $arg_hash->{SSL_ca_file},$arg_hash->{SSL_ca_path} > ) || return IO::Socket::SSL->error("Invalid certificate authority > locations"); > } > ------------------------------------------------------------------------ > > So here we do not change the verify_mode. So IMHO lenny should be ok, > right?
I'm not familiar with the details of the problem, but this sounds plausible. Thanks for checking. -- Dominic Hargreaves | http://www.larted.org.uk/~dom/ PGP key 5178E2A5 from the.earth.li (keyserver,web,email) -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org