[PLUG] Ubuntu security issues
Larry Brigman
larry.brigman at gmail.com
Fri Oct 19 23:21:09 UTC 2007
On 10/19/07, Paul Mullen <pm at nellump.net> wrote:
> On Fri, Oct 19, 2007 at 01:00:46PM -0700, Ed Sawicki wrote:
> >
> > The /usr/share/doc/openssl/changelog starts out like this:
>
> Unless Ubuntu had a better idea, there should also be a
> Debian-specific changelog in /usr/share/doc/openssl. It contains
> information about the patches the Debian package maintainers applied:
>
> $ zcat changelog.Debian.gz | head
> openssl (0.9.8c-4etch1) stable-security; urgency=low
>
> * CVE-2007-5135: Fix off by one error in SSL_get_shared_ciphers().
> (Closes: #444435)
> * Add nagios-nrpe-server, clamav-freshclam and clamav-daemon
> to the list of services to check for restart.
>
> The "Closes: #nnnnnn" refers to a Debian bug report. If you really
> want the gory details, you can look up bug reports at
> <http://www.debian.org/Bugs/>.
>
You might want to take a look at the package name before calling it buggy.
I just found this and it looks like all the patches have been applied
to the old version
but leaving it with the old version tags.
http://www.linuxsecurity.com/content/view/129788
More information about the PLUG
mailing list