[Tails-dev] Tails vs. OpenSSL secadv 20120104

Author: intrigeri
Date:  
To: tails-dev
Subject: [Tails-dev] Tails vs. OpenSSL secadv 20120104
Hi,

I did not check in depth myself, but from what I remember from
discussions that happened last week on #tor-dev, at least one issue
described in OpenSSL secadv_20120104 [0] is pretty much relevant
for Tails (a few cleartext bytes leaking).

Kurt Roeckx, maintainer of OpenSSL in Debian, was asked [1] to provide
fixed packages for Squeeze, and replied [2] he'll try to look at it
this weekend but generally lacks time.

I guess it could help if one of us volunteered to help, e.g.
look at how/if the fixes were backported by other distros (none that
I know of, but I may have missed something), get in touch with Kurt,
try test packages in the context of Tor / Tails, etc.

[0] http://openssl.org/news/secadv_20120104.txt
[1] http://lists.alioth.debian.org/pipermail/pkg-openssl-devel/2012-January/003046.html
[2] http://lists.alioth.debian.org/pipermail/pkg-openssl-devel/2012-January/003054.html

Cheers,
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
| Did you exchange a walk on part in the war
| for a lead role in the cage?