On Sun, Dec 6, 2009 at 6:04 AM, Yann Rouillard <[email protected]> wrote: > Dear users, > > A security vulnerability has been recently found in the TLS and SSL > protocol part related to the handling of session renegotiation [1]. This > vulnerability allows an attacker to inject arbitrary content at the > beginning of a TLS/SSL connection within a Man-in-the-middle attack. > > This problem is caused by a design flaw in the TLS/SSL protocol and is > difficult to fix in a clean and backward compatible way. As a result the > new openssl release (0.9.8l) which fixes this bug simply completely > disables renegotiation. > > This new package will hit csw unstable mirror very soon.
What is the plan for updating stable? If there are no plans to maintain stable, is there a documented procedure for me to create a custom branch (e.g. mystable) that contains the fixes and updates that I care about? The current stable seems to be a bit stale. -- Mike Gerdts http://mgerdts.blogspot.com/ _______________________________________________ users mailing list [email protected] https://lists.opencsw.org/mailman/listinfo/users
