[arch-dev-public] [signoff] openssl 0.9.8l-1
Dan McGee
dpmcgee at gmail.com
Sun Nov 8 12:30:26 EST 2009
On Sun, Nov 8, 2009 at 5:13 AM, Ionut Biru <biru.ionut at gmail.com> wrote:
> On 11/06/2009 09:29 AM, Pierre Schmitz wrote:
>>
>> Moin,
>>
>> you might have heard from the possible MTM attack against TLS. Openssl has
>> released a new version which disabled the affected renegotiation feature.
>> We should move this to core soon.
>>
>> For more information see http://extendedsubset.com/?p=8 and
>> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-3555
>>
>> Please note that this is more or less a protocol design flaw which means
>> that every SSL implementation should be affected, not only openssl (e.g.
>> Firefox uses nss and there is also gnutls). So we should have a look at
>> those packages, too.
>>
>> Pierre
>>
> signoff x86_64
Are you going to move this sometime soon, Pierre?
-Dan
More information about the arch-dev-public
mailing list