Bug#584592: marked as done (Two security issues)

Sun, 06 Jun 2010 06:06:20 -0700 

Your message dated Sun, 6 Jun 2010 15:03:47 +0200
with message-id <20100606130347.ga2...@roeckx.be>
and subject line Re: [Pkg-openssl-devel] Bug#584592: Two security issues
has caused the Debian Bug report #584592,
regarding Two security issues
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
584592: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584592
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: openssl
Version: 0.9.8n-1
Severity: grave
Tags: security

Please see http://www.openssl.org/news/secadv_20100601.txt

Lenny is not affected.

Cheers,
        Moritz

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=C, lc_ctype=de_de.iso-8859...@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash

Versions of packages openssl depends on:
ii  libc6                   2.10.2-9         Embedded GNU C Library: Shared lib
ii  libssl0.9.8             0.9.8n-1         SSL shared libraries
ii  zlib1g                  1:1.2.3.4.dfsg-3 compression library - runtime

openssl recommends no packages.

Versions of packages openssl suggests:
ii  ca-certificates               20090814   Common CA certificates

-- no debconf information

--- End Message ---
--- Begin Message --- 
On Sat, Jun 05, 2010 at 12:31:15AM +0200, Kurt Roeckx wrote:
> On Sat, Jun 05, 2010 at 12:02:18AM +0200, Moritz Muehlenhoff wrote:
> > Package: openssl
> > Version: 0.9.8n-1
> > Severity: grave
> > Tags: security
> > 
> > Please see http://www.openssl.org/news/secadv_20100601.txt
> 
> The first one says:
> CMS is only present in OpenSSL 0.9.8h and later where it is disabled by
> default and 1.0.0 where it is enabled by default.
> 
> I don't remember enabling it, so I asssume we're not affected by
> it, but I will take a closer look.
> 
> The other one only affects 1.0, so that's also not a problem.

So as far as I can tell, this does not apply to any version in
Debian, closing the bug.


Kurt

--- End Message ---

Reply via email to