Mailinglist Archive: opensuse-security (137 mails)

< Previous Next >
Re: [suse-security] OpenSSL 0.9.7g for SuSE 9.1 ?
  • From: Thomas Biege <thomas@xxxxxxx>
  • Date: Mon, 20 Jun 2005 15:53:38 +0200
  • Message-id: <20050620135338.GF27989@xxxxxxx>
On Mon, Jun 20, 2005 at 02:17:05PM +0200, Ralph Seichter wrote:
> Thomas Biege wrote:
>
> > Err, I was too much in the security-scope. We also fix
> > non-security bugs. But that depends on the bug and the problem
> > it causes.
>
> Well, one could consider any bug in OpenSSL as being a security
> bug, considering the nature of the software... ;-)
>
> > What bugs do you like to see to be fixed?
>
> http://www.openssl.org/news/vulnerabilities.html mentions
> CAN-2004-0975 as affecting OpenSSL 0.9.7d and being fixed in version

This bug will be fixed together with the next update of openssl.
Frankly this is a very minor bug. :)


> 0.9.7f. http://www.openssl.org/news/changelog.html lists a whole
> bunch of fixes, changes and additions between 0.9.7d and 0.9.7g,
> so I consider it worthwhile to have the latest stable OpenSSL
> version (0.9.7g) available on the servers under my responsibility.

We don't do version updates (with some exceptions) due to bad
sideeffects.


--
Bye,
Thomas
--
Thomas Biege <thomas@xxxxxxx>, SUSE LINUX, Security Support & Auditing
--

Ray's Rule of Precision:
Measure with a micrometer. Mark with chalk. Cut with an axe.

< Previous Next >