11-06-2009, 06:29 AM
Pierre Schmitz

openssl 0.9.8l-1

Moin,

You might have heard of the possible MTM attack against TLS. OpenSSL has
released a new version which disabled the affected renegotiation feature.
We should move this to core soon.

For more information see http://extendedsubset.com/?p=8 and
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-3555

Please note that this is more or less a protocol design flaw which means
that every SSL implementation should be affected, not only openssl (e.g.
Firefox uses nss and there is also gnutls). So we should have a look at
those packages, too.

Pierre

--
Pierre Schmitz, https://users.archlinux.de/~pierre
 
11-06-2009, 01:30 PM
Daenyth Blank

openssl 0.9.8l-1

On Fri, Nov 6, 2009 at 02:29, Pierre Schmitz <pierre@archlinux.de> wrote:
>
> Moin,

TU signoff i686
 
11-06-2009, 01:56 PM
Eric Bélanger

openssl 0.9.8l-1

On Fri, Nov 6, 2009 at 2:29 AM, Pierre Schmitz <pierre@archlinux.de> wrote:
>
> Moin,
>
> You might have heard of the possible MTM attack against TLS. OpenSSL has
> released a new version which disabled the affected renegotiation feature.
> We should move this to core soon.
>
> For more information see http://extendedsubset.com/?p=8 and
> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-3555
>
> Please note that this is more or less a protocol design flaw which means
> that every SSL implementation should be affected, not only openssl (e.g.
> Firefox uses nss and there is also gnutls). So we should have a look at
> those packages, too.
>
> Pierre
>
> --
> Pierre Schmitz, https://users.archlinux.de/~pierre
>

signoff both arches
 
11-08-2009, 10:13 AM
Ionut Biru

openssl 0.9.8l-1

On 11/06/2009 09:29 AM, Pierre Schmitz wrote:
>
> Moin,
>
> You might have heard of the possible MTM attack against TLS. OpenSSL has
> released a new version which disabled the affected renegotiation feature.
> We should move this to core soon.
>
> For more information see http://extendedsubset.com/?p=8 and
> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-3555
>
> Please note that this is more or less a protocol design flaw which means
> that every SSL implementation should be affected, not only openssl (e.g.
> Firefox uses nss and there is also gnutls). So we should have a look at
> those packages, too.
>
> Pierre
>

signoff x86_64

--
Ionut
 
11-08-2009, 04:30 PM
Dan McGee

openssl 0.9.8l-1

On Sun, Nov 8, 2009 at 5:13 AM, Ionut Biru <biru.ionut@gmail.com> wrote:
> On 11/06/2009 09:29 AM, Pierre Schmitz wrote:
>>
>> Moin,
>>
>> You might have heard of the possible MTM attack against TLS. OpenSSL has
>> released a new version which disabled the affected renegotiation feature.
>> We should move this to core soon.
>>
>> For more information see http://extendedsubset.com/?p=8 and
>> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-3555
>>
>> Please note that this is more or less a protocol design flaw which means
>> that every SSL implementation should be affected, not only openssl (e.g.
>> Firefox uses nss and there is also gnutls). So we should have a look at
>> those packages, too.
>>
>> Pierre
>>
> signoff x86_64

Are you going to move this sometime soon, Pierre?

-Dan
 
11-08-2009, 05:23 PM
Pierre Schmitz

openssl 0.9.8l-1

On Sunday 08 November 2009 18:30:26, Dan McGee wrote:
> Are you going to move this sometime soon, Pierre?
>

Yes, I think I won't wait for more sign-offs. Any problems with that package?

--

Pierre Schmitz, https://users.archlinux.de/~pierre
 
11-08-2009, 10:44 PM
Allan McRae

openssl 0.9.8l-1

Pierre Schmitz wrote:
> On Sunday 08 November 2009 18:30:26, Dan McGee wrote:
>> Are you going to move this sometime soon, Pierre?
>
> Yes, I think I won't wait for more sign-offs. Any problems with that package?

I will signoff both.

Allan
 