[arch-dev-public] [signoff] openssl 0.9.8l-1

Eric Bélanger snowmaniscool at gmail.com
Fri Nov 6 09:56:49 EST 2009

On Fri, Nov 6, 2009 at 2:29 AM, Pierre Schmitz <pierre at archlinux.de> wrote:
> Moin,
> you might have heard from the possible MTM attack against TLS. Openssl has
> released a new version which disabled the affected renegotiation feature.
> We should move this to core soon.
> For more information see http://extendedsubset.com/?p=8 and
> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-3555
> Please note that this is more or less a protocol design flaw which means
> that every SSL implementation should be affected, not only openssl (e.g.
> Firefox uses nss and there is also gnutls). So we should have a look at
> those packages, too.
> Pierre
> --
> Pierre Schmitz, https://users.archlinux.de/~pierre

signoff both arches

More information about the arch-dev-public mailing list