On Tue, May 13, 2008 at 11:14:59AM -0500, Sean Malloy wrote: > On Tue, May 13, 2008 at 11:37:38AM -0400, Juan Miscaro wrote: > > I guess everyone by now has heard about the very serious libssl > > vulnerability on Debian/Ubuntu? > > > > Just making sure that the source is safe, thanks. > > > > /juan > > Here is a quote from the official Debian Security announcement, > DSA-1571 http://www.debian.org/security/2008/dsa-1571. > > "This is a Debian-specific vulnerability which does not affect other > operating systems which are not based on Debian. However, other systems > can be indirectly affected if weak keys are imported into them."
More details show that someone seriously fucked up in debian. Trusting automated reporting tools like valgrind is fairly dangerous. I'm saddened that people still don't learn. `but this is a serious security warning. This MUST be fixed, valgrind canNOT be wrong.' duh... well, it can, like every tool out there that understands the source only so far... better than some humans, granted, but hopefully not better (yet) than the people who write serious software...
