On Wed, Sep 29, 2010 at 02:13:37PM -0700, Kyle Bader wrote: > > Debian, being a volunteer organization, has it's upsides and > > downsides. The downside here being without an active volunteer > > interested in this problem, nothing has happened. > > > > What is needed here is someone to step up to the plate: file some bugs; > > try to find the patches; backport and test them; etc. Bottom line, > > a little work and communication with maintainers of the affected > > packages would go a long way toward resolving this. > > That was my initial goal in initiating this conversation. I provided > a link to the patches already: > > http://bazaar.launchpad.net/~ubuntu-branches/ubuntu/jaunty/openssl/jaunty-proposed/revision/34
I seem to have missed that part in your original mail, and was not aware of anybody that tried to backport the changes. > I installed the jaunty package on my lenny machines and the ff error > console warning is gone: > > https://debian-lenny.badercom.net/ > > It appears to work but whenever a package as critical as openssl is > modified it's important to have upstream take a look to make sure > everything looks good. Ubuntu may or may not have done this, I > haven't done the leg work to figure that out but it looks like that > could be the next step. If I/we/whoever can verify this or gain the > blessing of upstream would you consider updating the package Kurt if I > also coordinate this with the Debian apache and nginx packagers? I think there are also other packages affected by this. This probably includes atleast tor. As I understand it they already have some complex code to deal with various versions, you probably want to have input from the maintainer if you want to fix this in stable. I will not have any time to look at this during the next month. If someone wants to put some time in this and upload this to proposed-updates and talk to the other maintainers so that this can all be prepared for a next stable update, I would be happy. Kurt -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20100930222631.ga3...@roeckx.be