DSA-1888-1

Name	DSA-1888-1
Source	Debian
Description	openssl - cryptographic weakness
References	CVE-2009-2409
Debian/oldstable	packages openssl, openssl097 are fixed in oldstable-security.
Debian/stable	not vulnerable
Debian/testing	not known to be vulnerable
Debian/unstable	not known to be vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
openssl (PTS)	etch	0.9.8c-4etch4	vulnerable
	etch (security)	0.9.8c-4etch9	fixed
	lenny, lenny (security)	0.9.8g-15+lenny6	fixed
openssl097 (PTS)	etch	0.9.7k-3.1etch2	vulnerable
	etch (security)	0.9.7k-3.1etch5	fixed

The next table lists affected binary packages.

Binary Package	Release	Version	Status	Architecures
libssl-dev, libssl0.9.8, libssl0.9.8-dbg, openssl	etch	0.9.8c-4etch4	vulnerable	alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390, sparc
	etch (security)	0.9.8c-4etch9	fixed	alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390, sparc
	lenny, lenny (security)	0.9.8g-15+lenny6	fixed	alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390, sparc
libssl0.9.7, libssl0.9.7-dbg	etch	0.9.7k-3.1etch2	vulnerable	alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390, sparc
	etch (security)	0.9.7k-3.1etch5	fixed	alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390, sparc

The information above is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
openssl	source	etch	0.9.8c-4etch9	unknown
openssl	source	lenny	0.9.8g-15+lenny5	unknown
openssl097	source	etch	0.9.7k-3.1etch5	unknown

Home - Testing Security Team - Debian Security - Imprint